ApplyEdge · Start your job search

Threat Detection Engineer

COGNNA · Riyadh, Riyadh, Saudi Arabia

As a Threat Detection Engineer at COGNNA, you'll design high-impact detection strategies, build powerful automation, and elevate SOC operations to a world-class standard. You'll also mentor rising cyber talent and collaborate with teams across threat intel, incident response, and platform engineering.

🔐 Advanced Threat Detection Engineering
- Build high-fidelity correlation rules and behavioral detections within the COGNNA security platforms
- Translate adversary TTPs (MITRE ATT&CK), threat intel, and vulnerability data into actionable logic
- Identify detection gaps and introduce new data sources to cover evolving threat landscapes
- Automate detection testing and maintain detection quality over time

⚙️ Platform Engineering & Optimization
- Lead architecture and optimization of XDR, SIEM, and SOC tech stacks for scale and resilience
- Streamline log ingestion pipelines, from parsing to normalization and enrichment
- Build scripts and automations (Python, PowerShell) to enhance SOC efficiency
- Integrate tools across the SOC stack to enable seamless workflows and response

🕵️‍♂️ Threat Hunting & Incident Response
- Collaborate with intel and IR teams to enrich detection use cases and support threat hunts
- Provide Tier-3+ support for incident investigations and post-mortem analysis

👥 Mentorship & SOC Maturity
- Improve SOC playbooks, SOPs, and detection engineering workflows
- Stay updated on global and regional threats, and evolve detection accordingly
- Ensure compliance alignment (e.g., NCA ECC, SAMA CSF)

Requirements

🎓 Education
- Bachelor's in Computer Science, Cybersecurity, or a related field

💼 Experience
- Hands-on expertise in developing and maintaining complex detection use cases
- Strong understanding of attacker behavior, IR fundamentals, and digital forensics

🔧 Technical Skills (You're a Power User!)
- SIEM: Expert in SIEM queries (SPL, KQL, Lucene), rule tuning, UEBA, and scaling
- EDR: Deep knowledge of EDR tools and endpoint detection tactics
- Network Security: Pro at packet analysis (Wireshark), IDS/IPS, and NetFlow
- Scripting: Advanced skills in Python and/or PowerShell for automation and integration
- OS Internals: Mastery of Windows/Linux/macOS logging, artifacts, and their forensic value
- Threat Intelligence: Skilled in turning threat intel into real-time detection logic
- Cloud Security: Strong command of monitoring IaaS/PaaS/SaaS environments

🏅 Certifications (Highly Preferred)
- 🎓 SANS GIAC (GDAT, GMON, GCIA, GCTI, GCIH)
- 🐉 OffSec (OSDA)
- 🏫 INE (eCTHP, eCIR)
- 🧩 (ISC)² CISSP, CSSLP

🤝 Soft Skills
- Exceptional analytical thinking and creative problem-solving
- Excellent communication (English & Arabic), including technical reporting
- Strong mentorship abilities and a collaborative spirit
- Self-motivated, focused, and passionate about cyber defense
- Capable of juggling priorities under high-pressure situations

Benefits
- 🚀 Impact that Matters: Build products that shape the future of cybersecurity and protect organizations globally.
- 🏢 On-Site Collaboration: Be at the heart of innovation in our Riyadh office, working side by side with passionate experts.
- 💡 Continuous Growth: Access to certifications, trainings, and opportunities to sharpen your expertise.
- 📈 Ownership Mindset: Benefit from our ESOP program and grow with COGNNA's success.
- 🤝 Culture of Trust: We empower talent, encourage ownership, and celebrate real outcomes.