Detection Engineer
Quick Match Check
Company Size
Company Type
Key Skills
Roles Worked
Industry Experience
CyberSec People will make the introduction
Skills Assessment
Breaks down complex problems into fundamental truths and builds solutions from the ground up
Prefers building and shipping code over meetings and documentation
Deep technical expertise across security domains, tools, and architectures
Constantly learning, experimenting, and staying ahead of emerging threats
Battle-tested experience solving real-world security incidents and challenges
Profile Summary
A detection engineer who treats security detections as software. Builds end-to-end detection pipelines with automated testing, version control, and CI/CD deployment. Has built detection programs from scratch at two high-growth companies, reducing mean time to detect from days to minutes.
Problems Solved
- Built a detection-as-code pipeline that automated the testing and deployment of 500+ detection rules, reducing false positive rates by 40% and deployment time from days to minutes.
- Designed a threat hunting program that identified 3 previously undetected intrusion campaigns within the first quarter of operation.
- Automated alert triage for the top 20 highest-volume alerts, reducing SOC analyst workload by 50% and improving mean time to respond by 65%.
What They Build
Builds detection-as-code frameworks, automated alert triage systems, threat hunting playbooks, and SOAR integrations. Focuses on reducing analyst fatigue through high-fidelity detections and automated response workflows.
What Would Make Them Move
Looking for a company that treats detection engineering as a proper engineering discipline, not just a SOC analyst writing Splunk queries. Wants to build a detection program with real CI/CD, testing, and metrics. Hybrid in Sydney.
Mission & Values
Most detection engineering is just writing SIEM rules and praying. I build detection-as-code pipelines that test, version, and deploy detections like software — because that is what they are.