Detection Engineer📣 Job Ad
| Contract Type | Full-time | |
| Workplace type | On-site | |
| Location | Makkah |
Job Description
About the Detection Engineer Role
KAUST (King Abdullah University of Science and Technology) is seeking a Detection Engineer to join its team in Makkah, Saudi Arabia. This full-time role is central to designing, building, and continuously improving the organization’s threat detection capabilities. The engineer will translate threat intelligence and adversary tactics into high-fidelity detection logic, conduct proactive threat hunting, and engineer automated detection content across the security stack. The primary objective is to ensure security operations can effectively identify malicious activity while minimizing alert fatigue through precision detection engineering.
Key Responsibilities
- Design, develop, and deploy detection rules and alerts across multiple security platforms, including SIEM, EDR, NDR, and cloud security tools.
- Create high-fidelity detections based on threat intelligence, MITRE ATT&CK techniques, and emerging threats, utilizing query and rule languages such as KQL, SPL, Sigma, and YARA.
- Conduct proactive threat-hunting campaigns to identify gaps in detection coverage and analyze adversary tactics, techniques, and procedures (TTPs).
- Perform regular testing and validation of detection rules using attack simulation, red-team exercises, and tools like Atomic Red Team or CALDERA.
- Identify and onboard new log sources to improve detection visibility, ensuring log quality, completeness, and normalization across all data sources.
- Develop automation workflows for detection deployment and management (Detection-as-Code), building tools and scripts to streamline engineering processes.
- Manage detection-related incidents, requests, and changes through ITSM workflows, ensuring documentation and SLA compliance for development and tuning requests.
- Collaborate with SOC analysts, incident response, and threat intelligence teams to refine detections, operationalize intelligence, and mentor junior engineers.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- GIAC Certified Detection Analyst (GCDA) or an equivalent certification is preferred.
Professional Experience
- 5-10 years of experience in security operations, threat detection, or SOC environments.
- Proven track record in developing detection rules across multiple security platforms.
- Experience contributing to open-source detection projects (*, Sigma, YARA).
- Familiarity with behavioral analytics or machine-learning-driven detection approaches.
- Exposure to offensive security, red teaming, or penetration testing.
- Experience implementing Detection-as-Code pipelines.
- Hands-on experience with breach-and-attack simulation or threat-emulation tools.
Technical Skills and Expertise
- Detection & Query Languages: Expert proficiency in SPL (Splunk), KQL (Sentinel/Kusto), SQL, Sigma, YARA, Snort, and Suricata.
- Security Platforms & Tools: Hands-on experience with SIEM (Splunk, Elastic Security, Microsoft Sentinel, Chronicle, QRadar), EDR/XDR (CrowdStrike, SentinelOne, Microsoft Defender, Carbon Black), NDR (Zeek, Suricata, Corelight), and SOAR platforms.
- Threat Intelligence & Frameworks: Deep understanding of MITRE ATT&CK, experience operationalizing threat intelligence, and strong knowledge of adversary behavior, TTPs, and attack patterns.
- Programming & Scripting: Proficiency in Python, experience with PowerShell and/or Bash, understanding of APIs, RESTful services, data structures, Git, and CI/CD workflows.
- Log Analysis & Data Science: Strong log analysis and parsing skills, understanding of normalization, enrichment, correlation, statistical analysis, anomaly-detection approaches, and knowledge of common log formats.
- ITSM & Documentation: Experience with ITSM platforms (ServiceNow, Jira Service Management), working knowledge of ITIL processes, and strong documentation skills.
- Operating Systems & Networks: Deep understanding of Windows, Linux, and macOS internals, strong knowledge of networking concepts, protocols, traffic analysis, understanding of authentication and identity technologies (Kerberos, NTLM, SAML, OAuth), and familiarity with AWS, Azure, and/or GCP logging and security telemetry.
Work Environment
This is a full-time position based at KAUST in Makkah, Saudi Arabia. The successful candidate will contribute to a dynamic and innovative environment focused on advancing scientific and technological research.
Requirements
- Requires 5-10 Years experience
Similar Jobs
You may also like
- Related Detection Engineer Opportunities
- Sales Representative Jobs in Al Khobar
- Purchasing Manager Jobs in Al Khobar
- Graphic Designer Jobs in Al Khobar
- Host Jobs in Al Khobar
- Barista Jobs in Al Khobar
- Other Job Fields in Makkah
- Sales Representative Jobs in Makkah
- Purchasing Manager Jobs in Makkah
- Cashier Jobs in Makkah
- Barista Jobs in Makkah
- Marketing Specialist Jobs in Makkah
- Receptionist Jobs in Makkah
- Business Development Specialist Jobs in Makkah
- Real Estate Marketer Jobs in Makkah
- STOREKEEPER Jobs in Makkah
- Pharmacist Jobs in Makkah
- Explore Jobs Across Saudi Arabia
- Mechanical Engineer Jobs in Jeddah
- General Services Controller Jobs in Hail
- Road Engineer Jobs in Dammam
- Physical Therapist Jobs in Abha
- Physiotherapist Jobs in Abha
- Bus Supervisor Jobs in Makkah
- Security Guard Jobs in Ar Rass
- Electrical Engineering Technician Jobs in Al Wajh
- Dental Assistant Jobs in Al Jubail
- Electrical Engineering Technician Jobs in Najran