SOC Detection Lead Expert
Lisboa
Position description
We are looking for a Red Teamer who wants to pivot into the role of our primary Detection Strategist. You will own the quality and direction of our detection logic: assess our telemetry and logging posture, identify visibility gaps, define detection requirements, and author high-fidelity detection content that holds up against real-world bypass techniques. You will be the connective tissue between offensive tradecraft and SOC outcomes—translating attacker behavior into durable, actionable detections.
Primary Focus:
- Detection Engineering: Your main responsibility is to ensure that when an adversary moves, we see it. You will spend most of your time inside our SIEM, crafting high-fidelity alerts based on your understanding of offensive TTPs.
- Logic Creation: You will author complex KQL queries to detect sophisticated behaviors (e.g., Token manipulation, C2 jitter, etc.) rather than simple IOC matching.
- Telemetry Analysis: You will deeply analyze raw logs from EDR, Identity Providers, and Cloud infrastructure to determine what data is missing and work to enable the right logging policies.
- False Positive Reduction: You will apply your understanding of 'normal' vs. 'malicious' administrative behavior to tune existing rules, ensuring the SOC is not flooded with noise.
Secondary Focus:
- Targeted Adversary Emulation.
- Validation Attacks: You will execute specific, manual attack sequences to verify that a new detection rule triggers.
- Gap Analysis: You will simulate specific techniques (mapped to MITRE ATT&CK) to prove where our blind spots are, then immediately switch gears to fix them.
Service Key Responsibilities:
- Translate complex threat intelligence and known Red Team techniques into actionable detection logic (KQL).
- Review and optimize the current library of detection rules for accuracy and coverage.
- Collaborate with the Incident Response team to understand why previous attacks were missed and engineer rules to prevent recurrence.
Requirements
- 4+ years of expertise in Offensive Security (Red Teaming/Pen Testing)
- 2+ years of expertise in Detection Engineering or Blue Team Operations
- Solid understanding of bypass concepts, including payload obfuscation, in-memory execution, and anti-analysis techniques
- Strong expertise in Active Directory exploitation and stealth-focused lateral movement methodologies
- Expertise with industry-standard offensive security tooling, including customization to reduce detection and signature overlap
- Expertise in designing and operating Command & Control (C2) frameworks and infrastructure with strong OPSEC and traffic obfuscation practices
- Expertise in developing scripts and lightweight tooling to support engagements using Python, PowerShell, or C/C++
- Expertise in Sentinel and Kusto Query Language (KQL)
- Solid understanding of detection engineering concepts and MITRE ATT&CK
- Strong problem-solving skills to troubleshoot and resolve complex issues
- Good level of English (both written and spoken)