
Detection Engineer (Remote)

Work from home Full-time role Hiring

Are you passionate about identifying threats before they become incidents, building advanced detections, and strengthening an organization's security posture through proactive monitoring? If you thrive in an environment where you can translate real-world attack techniques into actionable detections and continuously improve security visibility, then Payatu is the place for you. We are always on the lookout for talented individuals to expand our renowned Bandit family at Payatu.

Who We Are

Payatu is an ISO9001:27001 certified company focused on driving excellence, growth, and innovation to make the cyber world safe for every organization, product, and individual. As a leading cybersecurity company, we specialize in offensive security, threat detection, and security research. As we continue to grow, we are looking for a Detection Engineer who can help build and enhance detection capabilities across modern enterprise environments.

Key Responsibilities

Detection Development

- Translate offensive security findings, penetration test reports, and red team assessments into actionable detection use cases.
- Develop, validate, and maintain detection rules across SIEM and EDR platforms.
- Build correlation-based detections using Splunk and native detections within platforms such as CrowdStrike Falcon and Microsoft Defender.
- Validate detections against live telemetry and ensure production readiness.
- Collaborate with offensive security teams to ensure accurate detection coverage for identified attack techniques.

Coverage & Visibility

- Maintain and improve MITRE ATT&CK coverage across the organization.
- Identify detection gaps and recommend appropriate monitoring controls.
- Continuously assess and improve visibility into emerging threats and attack techniques.
- Work with engineering teams to ensure required log sources and telemetry are available for effective detection development.

Security Operations & Triage

- Develop investigation guides and runbooks for security operations teams.
- Support MSSP and SOC teams by improving alert quality and reducing false positives.
- Collaborate with incident response teams to enhance detection logic based on lessons learned from investigations.
- Assist in tuning and optimizing detection rules to improve operational effectiveness.

Governance & Continuous Improvement

- Maintain a centralized detection rule repository with proper documentation and version control.
- Manage and prioritize the detection engineering backlog based on risk, threat intelligence, and offensive security findings.
- Contribute to detection engineering standards, processes, and best practices.
- Report detection coverage and security monitoring effectiveness to stakeholders through measurable metrics.

You Are a Perfect Technical Fit If You Have

- 3+ years of experience in Detection Engineering, Security Operations, Threat Detection, or related cybersecurity roles.
- Hands-on experience writing and maintaining production-grade detection rules.
- Strong understanding of the MITRE ATT&CK Framework and adversary tactics, techniques, and procedures (TTPs).
- Experience working with SIEM platforms such as Splunk.
- Hands-on experience with EDR solutions such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or similar platforms.
- Knowledge of attack methodologies and offensive security concepts.
- Experience validating detections through purple teaming, atomic testing, or simulation exercises.
- Strong analytical and problem-solving skills with the ability to work in dynamic environments.

Good to Have

- Experience with Sigma rule authoring and cross-platform detection engineering.
- Exposure to Threat Intelligence integration and threat-driven detection strategies.
- Understanding of risk-based alerting and alert prioritization techniques.
- Offensive security certifications such as OSCP, CRTE, or equivalent.
- Experience with CrowdStrike Falcon detection authoring.
- Familiarity with MITRE ATLAS and AI/ML threat detection concepts.
- Scripting experience in Python for automation, log analysis, or tooling development.
- Experience in creating security standards, logging frameworks, or governance documentation.
