
Tawantech
Senior Threat Detection Engineer
- Permanent
- Riyadh, Saudi Arabia
- Experience 2 - 5 yrs
Job expiry date: 18/05/2026
Job overview
Date posted
03/04/2026
Location
Riyadh, Saudi Arabia
Salary
Undisclosed
Compensation
Comprehensive package
Experience
2 - 5 yrs
Seniority
Senior & Lead
Qualification
Bachelor's degree
Expiration date
18/05/2026
Job description
The Senior Threat Detection Engineer is responsible for designing, developing, and continuously improving threat detection capabilities across the organization's security monitoring platforms. The role involves building high-quality detection use cases, optimizing alerting mechanisms, and supporting threat hunting initiatives to strengthen the organization's ability to detect, analyze, and respond to advanced cyber threats. The position requires strong hands-on experience in SIEM engineering, detection logic development, and security monitoring tools such as EDR and NDR, with a preference for QRadar expertise.

Responsibilities include: designing and deploying advanced detection use cases within SIEM platforms; translating threat intelligence, attack techniques, and business risks into actionable detection logic; aligning detection strategies with MITRE ATT&CK and industry best practices; reviewing and enhancing SIEM content; developing correlation rules and alert logic; building detection strategies across endpoint, network, and application layers; integrating telemetry from multiple sources; tuning alerts to reduce false positives; supporting threat hunting activities; analyzing logs and telemetry data to identify indicators of compromise (IOCs); configuring log sources and implementing event normalization; optimizing SIEM platform performance and monitoring system health; and maintaining documentation for audit and knowledge sharing, while staying up to date with QRadar features, cybersecurity threats, and detection engineering best practices.
Required skills
Key responsibilities
- Design, develop, and deploy advanced SIEM detection use cases by translating threat intelligence, attack techniques, and business risks into actionable detection logic aligned with MITRE ATT&CK and industry best practices while continuously reviewing and enhancing SIEM content to maintain effectiveness against evolving threats.
- Develop and maintain correlation rules, searches, and alert engineering logic to identify multi-stage attacks and complex threat scenarios while creating meaningful alert conditions, establishing thresholds and baselines, and implementing behavioral analytics to improve detection accuracy.
- Build and tune detection use cases across endpoint and network monitoring tools including EDR and NDR platforms while integrating telemetry from multiple sources and optimizing detection strategies across endpoint, network, and application layers.
- Continuously analyze and tune alerts to reduce false positives and minimize SOC alert fatigue by conducting root cause analysis, balancing sensitivity and accuracy, and implementing improvements to detection logic while documenting tuning activities.
- Collaborate with threat hunting teams to develop detection hypotheses, convert threat hunting findings into scalable detection use cases, analyze logs and telemetry data, and identify indicators of compromise and suspicious behaviors.
- Leverage QRadar expertise to build, optimize, and maintain detection content while configuring log sources, parsing rules, event normalization, and ensuring SIEM operational efficiency and system health.
- Collaborate with engineering teams to onboard new data sources into SIEM and monitoring tools while improving visibility, enhancing detection coverage, and supporting proactive threat detection initiatives.
- Monitor SIEM platform performance, maintain documentation for audit and knowledge sharing, stay updated with cybersecurity threats and QRadar enhancements, and support incident detection and response initiatives across the organization.
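The responsibilities above (normalizing events from several sources, writing a correlation rule with a threshold and time window for a multi-stage attack, and tuning out a baselined source to cut false positives) are easier to judge against a concrete implementation. The following is an added example written for this page; it is not code from the Tawantech posting or from QRadar. The two log formats, the sample lines, the source IPs, the threshold of five failures and the two-minute window are all constructed for illustration, and the rule is a simplified stand-in for what a SIEM correlation rule would express.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs) from two sources that name the
# same fields differently: a VPN authentication log and an EDR logon feed.
SAMPLE_EVENTS = [
    # Attacker at 198.51.100.7: six failures, then a success, inside two minutes.
    "2026-04-03T10:00:01Z auth user=alice src=198.51.100.7 result=FAIL",
    "2026-04-03T10:00:12Z auth user=alice src=198.51.100.7 result=FAIL",
    "2026-04-03T10:00:25Z auth user=alice src=198.51.100.7 result=FAIL",
    "2026-04-03T10:00:40Z edr account=alice ip=198.51.100.7 outcome=failure",
    "2026-04-03T10:00:55Z edr account=alice ip=198.51.100.7 outcome=failure",
    "2026-04-03T10:01:10Z auth user=alice src=198.51.100.7 result=FAIL",
    "2026-04-03T10:01:30Z auth user=alice src=198.51.100.7 result=SUCCESS",
    # Authorised credential scanner at 192.0.2.10: same shape, known noise.
    "2026-04-03T11:00:01Z auth user=svc_scan src=192.0.2.10 result=FAIL",
    "2026-04-03T11:00:10Z auth user=svc_scan src=192.0.2.10 result=FAIL",
    "2026-04-03T11:00:20Z auth user=svc_scan src=192.0.2.10 result=FAIL",
    "2026-04-03T11:00:30Z auth user=svc_scan src=192.0.2.10 result=FAIL",
    "2026-04-03T11:00:40Z auth user=svc_scan src=192.0.2.10 result=FAIL",
    "2026-04-03T11:00:50Z auth user=svc_scan src=192.0.2.10 result=SUCCESS",
    # Ordinary user: two typos then success, well under the threshold.
    "2026-04-03T12:00:01Z auth user=bob src=203.0.113.9 result=FAIL",
    "2026-04-03T12:00:20Z auth user=bob src=203.0.113.9 result=FAIL",
    "2026-04-03T12:00:35Z auth user=bob src=203.0.113.9 result=SUCCESS",
]

# One parsing rule per source (hypothetical formats, assumed for this example).
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<ip>\S+) result=(?P<result>\S+)$")
EDR_RE = re.compile(
    r"^(?P<ts>\S+) edr account=(?P<user>\S+) ip=(?P<ip>\S+) outcome=(?P<result>\S+)$")


def normalize(line):
    """Event normalization: map either source format onto one common schema.

    Returns None for lines that match no parser; a production pipeline would
    count those so that parsing gaps show up as a visibility problem.
    """
    for source, pattern in (("auth", AUTH_RE), ("edr", EDR_RE)):
        match = pattern.match(line)
        if match:
            outcome = "success" if match["result"].lower() == "success" else "failure"
            return {
                "ts": datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "source": source,
                "user": match["user"],
                "src_ip": match["ip"],
                "outcome": outcome,
            }
    return None


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=2),
                              suppress_ips=frozenset()):
    """Multi-stage correlation rule mapped to ATT&CK T1110 (Brute Force).

    Fires when at least `threshold` failures from one source IP occur within
    `window` and are followed by a success from that IP. `suppress_ips` is the
    tuning knob: source IPs baselined as known noise (for example an authorised
    scanner) are dropped, and that exception should be documented with the rule.
    """
    alerts = []
    recent_failures = defaultdict(deque)  # src_ip -> timestamps inside the window
    for event in sorted(events, key=lambda e: e["ts"]):
        queue = recent_failures[event["src_ip"]]
        while queue and event["ts"] - queue[0] > window:
            queue.popleft()  # slide the window forward
        if event["outcome"] == "failure":
            queue.append(event["ts"])
            continue
        # A success closes the sequence: alert if the failure count qualifies.
        if len(queue) >= threshold and event["src_ip"] not in suppress_ips:
            alerts.append({
                "rule": "brute_force_then_success",
                "technique": "T1110",
                "src_ip": event["src_ip"],
                "user": event["user"],
                "failures": len(queue),
                "ts": event["ts"],
            })
        queue.clear()
    return alerts


def run_pipeline(lines, suppress_ips=frozenset({"192.0.2.10"})):
    """Parse, normalize and correlate; the default suppression list is the
    tuned configuration, pass an empty set to see the untuned behaviour."""
    events = [e for e in (normalize(line) for line in lines) if e]
    return detect_bruteforce_success(events, suppress_ips=suppress_ips)


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_EVENTS):
        print(alert)
```

Running the sample untuned produces two alerts, one for the attacker and one for the authorised scanner; the tuned run keeps only the attacker alert, which is the false-positive reduction the posting describes. The ordinary user with two failed attempts never reaches the threshold, so the rule stays quiet for normal typos.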