Detection Engineer

Position Overview

The Detection Engineer is responsible for analyzing malware and adversary behavior, developing emulations, and creating detection logic to improve visibility and response across enterprise environments. This role supports detection engineering, threat hunting, and incident response by translating malware analysis and telemetry insights into actionable detections and high-quality technical reporting.

Responsibilities
• Perform static and dynamic malware analysis using tools such as Detect It Easy, System Informer, and API Monitor to build attack chains and support emulation development.
• Reverse engineer payloads and scripts to document execution behavior in detail.
• Write emulations in languages such as C++, PowerShell, C#, and others to emulate malware behavior identified during analysis.
• Develop detection logic based on emulations and malware analysis findings.
• Identify telemetry gaps in Sysmon, auditd, EDR, and other data sources to improve detection coverage.
• Produce high-quality technical reports with executive-level summaries of findings.
• Debug malware and emulations using tools such as x64dbg, WinDbg, or other debuggers.
• Analyze applications for vulnerabilities using reverse engineering and debugging tools.
• Correlate events across incidents and malware behaviors identified during malware analysis.
• Conduct hunt activities from a detection engineering perspective.

Educational Requirements / Qualifications
• Strong understanding of Splunk Search Processing Language (SPL).
• Proficiency in coding languages including C++, C#, Python, and Perl.
• Proficiency in scripting languages including PowerShell, JavaScript, and VBScript.
• Strong understanding of networking fundamentals.
• Strong understanding of Windows and Linux internals.