Detection Engineer (with Python knowledge) (#3854)

REFERRAL BONUS
Ukraine
Work type:
Office/Remote
Technical Level:
Middle
Job Category:
Quality Control
Project:
Recorded Future

Detection Engineer (with Python knowledge)

Our client, Recorded Future, leverages massive amounts of data to construct the valuable insights that keep our customers safe. As cyber threats evolve, so must our detection capabilities. We continuously create and refine detection rules to stay ahead of emerging threats, and these detections must be tailored to the unique environments and needs of our customers for maximum impact. We are seeking a Detection QA Engineer to lead efforts in automating, scaling, and assuring the quality of our detection content. Your work will directly support the delivery of high-fidelity, SIEM-ready detection rules, ensuring our customers receive timely, relevant, and actionable protection through our product platform.

Responsibilities:

  • Lead the development and maintenance of CI/CD pipelines that automate the translation of Sigma rules into SIEM-native detection formats such as KQL, SPL, and ECS-based syntaxes.
  • Design and implement robust validation, linting, and QA workflows to ensure the syntactic correctness, logic integrity, and coverage quality of detection rules before they are delivered to customer systems.
  • Collaborate closely with detection content authors, threat researchers, and product engineering to align rule logic with attacker behaviors and customer environments.
  • Contribute to a centralized detection-as-code platform that manages lifecycle, version control, testing, and release of detections to downstream products.
  • Investigate new approaches to detection normalization, enrichment, and telemetry alignment that improve detection effectiveness and cross-SIEM portability.
  • Provide mentorship on detection rule structure, QA practices, and platform compatibility.
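
The first two responsibilities above (and the Sigma translation requirement further down) describe a lint-then-translate step of a detection-as-code pipeline. The following is an added illustration written for this page, not Recorded Future code and not the sigmac/pySigma converter: a small Python module that runs QA checks on a Sigma rule (required fields, UUID id, known level, every selection named in the condition actually defined and vice versa) and, only if the rule passes, renders its condition as a KQL or SPL predicate. It assumes the rule arrives as a dict (a real pipeline would `yaml.safe_load` it), supports only map-style selections, list values, the `contains`/`startswith`/`endswith` modifiers and conditions built from selection names, `and`/`or`/`not` and parentheses, and leaves field and logsource mapping to customer tables or indexes to a later stage. The sample rule is constructed for the example.

```python
"""Lint + translate step for a Sigma-to-SIEM pipeline (added example,
not Recorded Future code). Assumptions: the rule is a dict (a real pipeline
would yaml.safe_load it); only map-style selections, list values (OR'd),
the contains/startswith/endswith modifiers, and conditions made of selection
names, and/or/not and parentheses are supported. Mapping logsource/fields to
a customer's tables or indexes is left to a later pipeline stage."""
import re
import uuid

REQUIRED = ("title", "id", "logsource", "detection", "level")
LEVELS = {"informational", "low", "medium", "high", "critical"}
_TOKEN = re.compile(r"\(|\)|\w+")
_KEYWORDS = {"kql": {"and": "and", "or": "or", "not": "not"},
             "spl": {"and": "AND", "or": "OR", "not": "NOT"}}

# Constructed sample rule for this example, not a shipped detection.
SAMPLE_RULE = {
    "title": "Encoded PowerShell Command Line",
    "id": "3f7f1a9e-2c4b-4d6e-9a0f-0123456789ab",
    "status": "test",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
    "level": "medium",
}


def lint_rule(rule):
    """Return a list of QA problems; an empty list means the rule may ship."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in rule]
    if "id" in rule:
        try:
            uuid.UUID(str(rule["id"]))
        except ValueError:
            problems.append("id is not a UUID")
    if "level" in rule and rule["level"] not in LEVELS:
        problems.append(f"unknown level: {rule['level']}")
    det = rule.get("detection") or {}
    cond = det.get("condition")
    if not isinstance(cond, str):
        return problems + ["detection.condition is missing"]
    names = {k for k in det if k != "condition"}
    tokens = _TOKEN.findall(cond)
    for tok in tokens:
        if tok not in names and tok not in ("and", "or", "not", "(", ")"):
            problems.append(f"condition references undefined selection: {tok}")
    for name in sorted(names - set(tokens)):
        problems.append(f"selection never used in condition: {name}")
    return problems


def _escape(value):
    """Escape backslashes and quotes for a double-quoted KQL/SPL string."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"')


def _field_expr(key, value, target):
    """One 'Field|modifier: value(s)' entry; list values are OR'd together."""
    field, _, modifier = key.partition("|")
    values = value if isinstance(value, list) else [value]
    if target == "kql":
        # Sigma matching is case-insensitive, so use =~ rather than ==;
        # contains/startswith/endswith are already case-insensitive in KQL.
        op = {"": "=~", "contains": "contains", "startswith": "startswith",
              "endswith": "endswith"}[modifier]
        terms = [f'{field} {op} "{_escape(v)}"' for v in values]
    else:
        # SPL has no modifier operators; express them as wildcards.
        wrap = {"": "{}", "contains": "*{}*", "startswith": "{}*",
                "endswith": "*{}"}[modifier]
        terms = [f'{field}="{wrap.format(_escape(v))}"' for v in values]
    or_kw = f" {_KEYWORDS[target]['or']} "
    return terms[0] if len(terms) == 1 else "(" + or_kw.join(terms) + ")"


def _selection_expr(sel, target):
    """A selection: dict entries are AND'd; a list of dicts is OR'd."""
    kw = _KEYWORDS[target]
    blocks = sel if isinstance(sel, list) else [sel]
    clauses = ["(" + f" {kw['and']} ".join(_field_expr(k, v, target)
                                           for k, v in b.items()) + ")"
               for b in blocks]
    return clauses[0] if len(clauses) == 1 else "(" + f" {kw['or']} ".join(clauses) + ")"


def translate(rule, target):
    """Lint, then render the rule's condition as a KQL or SPL predicate."""
    if target not in _KEYWORDS:
        raise ValueError(f"unsupported target: {target}")
    problems = lint_rule(rule)
    if problems:  # never hand a broken rule to a customer SIEM
        raise ValueError("rule failed lint: " + "; ".join(problems))
    det = rule["detection"]
    out = []
    for tok in _TOKEN.findall(det["condition"]):
        if tok in _KEYWORDS[target]:
            out.append(_KEYWORDS[target][tok])
        elif tok in ("(", ")"):
            out.append(tok)
        else:
            out.append(_selection_expr(det[tok], target))
    return " ".join(out)


if __name__ == "__main__":
    for t in ("kql", "spl"):
        print(t.upper() + ":", translate(SAMPLE_RULE, t))
```

In a CI job this would run against every changed rule file, fail the build on any lint finding, and commit the rendered predicates (wrapped in the per-customer table or index prefix) as the release artefact; the `=~` choice in the KQL branch is the kind of semantic detail a QA step should assert on, since `==` would silently make the rule case-sensitive.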

Requirements:

  • 2+ years of experience in detection engineering, security operations, or threat detection development, ideally within product or platform teams.
  • Hands-on experience building or contributing to CI/CD pipelines (e.g., GitHub Actions, GitLab CI, CircleCI) that include automated testing, validation, and deployment.
  • Strong understanding of the Sigma rule format and its translation tooling (e.g., the legacy sigmac converter and its successor, pySigma/sigma-cli) into target SIEM languages such as Kusto Query Language (KQL), Splunk Processing Language (SPL), and Elastic Query DSL.
  • Proficiency in Python or Go for automation and tool integration; experience with YAML, JSON schema, and detection-as-code practices.
  • Familiarity with cloud-native detection environments (e.g., Microsoft Sentinel (formerly Azure Sentinel), Google Chronicle, Elastic Security).
  • English - upper-intermediate, Ukrainian - advanced or higher

Would be a plus:

  • Experience with Infrastructure-as-Code (e.g., Terraform), container orchestration (Docker/Kubernetes), or QA frameworks for content validation.

We offer*:

  • Flexible working format - remote, office-based or flexible
  • A competitive salary and good compensation package
  • Personalized career growth
  • Professional development tools (mentorship program, tech talks and trainings, centers of excellence, and more)
  • Active tech communities with regular knowledge sharing
  • Education reimbursement
  • Memorable anniversary presents
  • Corporate events and team buildings
  • Other location-specific benefits

*not applicable for freelancers
