
Tawantech
Senior Threat Detection Engineer
- Permanent
- Riyadh, Saudi Arabia
- Experience 2 - 5 yrs
Job expiry date: 20/05/2026
Job overview
Date posted
06/04/2026
Location
Riyadh, Saudi Arabia
Salary
SAR 15,000 - 20,000 per month
Compensation
Salary only
Experience
2 - 5 yrs
Seniority
Senior & Lead
Qualification
Bachelor's degree
Expiration date
20/05/2026
Job description
The Senior Threat Detection Engineer in Riyadh is responsible for strengthening the organization's cybersecurity posture by designing, implementing, and optimizing threat detection capabilities. This role focuses on SIEM engineering, building high-fidelity detection use cases, and ensuring accurate alerting to detect, investigate, and respond to advanced threats. The engineer collaborates with SOC and threat hunting teams, integrating telemetry from endpoint, network, and other sources to enhance detection coverage. Leveraging expertise in QRadar and other monitoring tools, the professional continuously tunes alerts, reduces false positives, and converts threat intelligence into actionable detection logic. The role also includes supporting proactive threat hunting initiatives and maintaining high-quality documentation and platform performance to ensure organizational readiness against evolving cyber threats.
Required skills
Key responsibilities
- Design, develop, and deploy advanced SIEM use cases to detect potential threats and anomalies.
- Translate threat intelligence, attack techniques, and business risks into actionable detection logic aligned with MITRE ATT&CK and industry best practices.
- Develop and maintain correlation searches, rules, and alert logic to detect multi-stage attacks and complex threat scenarios.
- Build, tune, and optimize detection strategies across EDR, NDR, and other security monitoring platforms.
- Continuously analyze and tune alerts to reduce false positives and alert fatigue, performing root cause analysis for noisy alerts.
- Support threat hunting teams by developing hypotheses, analyzing logs, and converting findings into scalable detection use cases.
- Leverage expertise in QRadar to configure log sources, parsing rules, and event normalization, and to ensure optimal platform performance.
- Stay current with emerging threats, SIEM updates, and best practices to continuously enhance detection capabilities.
Experience & skills
- Minimum 3+ years of experience in cybersecurity with a focus on threat detection or SIEM administration.
- Proven hands-on experience designing and implementing SIEM detection use cases.
- Expertise with SIEM platforms, preferably QRadar, including configuration and optimization.
- Experience with EDR/NDR tools and building detection logic within these platforms.
- Strong understanding of security event logs, endpoint telemetry, and network traffic.
- Familiarity with MITRE ATT&CK, Cyber Kill Chain, and other threat frameworks.
- Proficiency in alert tuning, false positive reduction, and SOC operations.
- Strong analytical, problem-solving, and investigative skills.
- Ability to integrate multiple telemetry sources and collaborate with multidisciplinary cybersecurity teams.