SOC Detection Lead Expert

Lisboa

Job description

We are looking for a Red Teamer who wants to pivot into the role of our primary Detection Strategist. You will own the quality and direction of our detection logic: assess our telemetry and logging posture, identify visibility gaps, define detection requirements, and author high-fidelity detection content that holds up against real-world bypass techniques. You will be the connective tissue between offensive tradecraft and SOC outcomes, translating attacker behavior into durable, actionable detections.

Primary Focus:

  • Detection Engineering: Your main responsibility is to ensure that when an adversary moves, we see it. You will spend most of your time inside our SIEM, crafting high-fidelity alerts based on your understanding of offensive TTPs.

  • Logic Creation: You will author complex KQL queries to detect sophisticated behaviors (e.g., token manipulation, C2 jitter) rather than relying on simple IOC matching.

  • Telemetry Analysis: You will deeply analyze raw logs from EDR, Identity Providers, and Cloud infrastructure to determine what data is missing and work to enable the right logging policies.

  • False Positive Reduction: You will apply your understanding of 'normal' vs. 'malicious' administrative behavior to tune existing rules, ensuring the SOC is not flooded with noise.

Secondary Focus:

  • Targeted Adversary Emulation.
  • Validation Attacks: You will execute specific, manual attack sequences to verify that a new detection rule triggers.
  • Gap Analysis: You will simulate specific techniques (mapped to MITRE ATT&CK) to prove where our blind spots are, then immediately switch gears to fix them.

Key Responsibilities:

  • Translate complex threat intelligence and known Red Team techniques into actionable detection logic (KQL).
  • Review and optimize the current library of detection rules for accuracy and coverage.
  • Collaborate with the Incident Response team to understand why previous attacks were missed and engineer rules to prevent recurrence.


Requirements

  • 4+ years of expertise in Offensive Security (Red Teaming/Pen Testing)

  • 2+ years of expertise in Detection Engineering or Blue Team Operations

  • Solid understanding of bypass concepts, including payload obfuscation, in-memory execution, and anti-analysis techniques

  • Strong expertise in Active Directory exploitation and stealth-focused lateral movement methodologies

  • Expertise with industry-standard offensive security tooling, including customization to reduce detection and signature overlap

  • Expertise in designing and operating Command & Control (C2) frameworks and infrastructure with strong OPSEC and traffic obfuscation practices

  • Expertise in developing scripts and lightweight tooling to support engagements using Python, PowerShell, or C/C++

  • Expertise in Sentinel and Kusto Query Language (KQL)

  • Solid understanding of detection engineering concepts and MITRE ATT&CK

  • Strong problem-solving expertise to troubleshoot and resolve complex issues

  • Good level of English (both written and spoken)
