Position Overview
Key Responsibilities
- Threat-Informed Detection Engineering
  - Convert Red Team and adversary simulation insights into formal detection enhancements
  - Map detections to MITRE ATT&CK, define telemetry requirements, and validate log sources & enrichments (ASIM-aligned where applicable)
  - Perform post-engagement gap analysis and prioritize fixes in a transparent detection backlog
  - Ensure each finding results in:
    - Improved/validated use case (KQL logic + entity mapping + suppression)
    - Updated triage guidance and analyst notes
    - Logic Apps playbook enhancement (if applicable)
    - Re-testing with Red Team
- Full Use Case Development & Improvement Lifecycle
  - Design: data requirements, ASIM mapping, entity model, severity, rationale, ATT&CK coverage
  - Build: KQL logic, enrichment (watchlists/UEBA/context), suppression thresholds, incident settings
  - Test: ...