Minimum Qualifications

6+ years in security engineering, detection engineering, or cloud security with exposure to SaaS and API-based environments. Strong expertise in anomaly detection, behavioural analytics, and applied data science concepts for cybersecurity. Hands-on experience with SIEM, SOAR, and detection-as-code frameworks (e.g., Splunk, OpenSearch, KQL, Sigma). Proficiency in threat hunting methodologies, adversary emulation, and detection in large-scale SaaS/cloud environments. Familiarity with threat intelligence platforms (TIPs), enrichment pipelines, and ATT&CK-based intelligence mapping. Good programming, automation, and data analytics skills. Experience integrating detection pipelines into SaaS applications and microservices.  

Preferred Qualifications

Experience developing analytics pipelines, including AI/ML models for anomaly detection and risk scoring. Exposure to SOC operations, detection content development, and adversary simulation. Deep knowledge of threat intelligence tradecraft (e.g., ATT&CK, Sigma mappings, enrichment, correlation with detection rules). Experience with automated detection tuning and false positive reduction. Familiarity with cloud-native telemetry pipelines. Security certifications: GIAC GCDA/GCFA, GCTI, GCP Security Engineer, AWS Security Specialty, OSCP.