Detection Engineer

Telenor Fornebu, Norway

Telenor

Need a mobile phone, a mobile subscription, TV or faster broadband? Check prices on mobile phones, subscriptions and services from Telenor.


Detection Engineer, TELENOR CYBERDEFENCE AS 

Telenor Cyberdefence AS is a wholly owned, newly started Nordic cyber security company in the Telenor Group. Telenor Cyberdefence AS' ambition is to become a leading MSSP (Managed Security Services Provider) in the Nordic market, among other things by using Telenor's unique access to threat intelligence to support our services. In addition to delivering modern managed security services, Telenor Cyberdefence AS will also offer specialist expertise through consultancy services and testing of infrastructure / applications with our Offensive Security team.    

Join our innovative team at Telenor Cyberdefence as a Detection Engineer, at our HQ in Oslo Fornebu or at our offices in Grimstad.

We are looking for a skilled and driven Detection Engineer to join our Detection team. In this role, you will design, implement, and optimize threat detection content within Microsoft Sentinel and Microsoft Defender XDR. You will play a critical role in identifying potential threats, building detection logic, and strengthening the overall security posture of our customers. The role also involves participating in Threat Hunting and Purple Team exercises.

Key Responsibilities

  • Design and implement custom detection rules across a variety of customers and environments, using Microsoft Sentinel and the Microsoft Defender XDR suite.
  • Continuously monitor, test, and improve detection logic based on performance, coverage, and client-specific needs.
  • Maintain detailed documentation of detection logic, testing outcomes, and operational procedures.
  • Contribute to our detection strategy
  • Perform Threat Hunting across diverse client environments based on hypothesis-driven approaches and emerging threat intelligence.
  • Participate in Purple Team exercises, working collaboratively with offensive security teams to validate and enhance detection coverage.
  • Create automation workflows 

Required Qualifications

  • 2+ years of experience in a security operations, detection engineering, or threat hunting role.
  • Strong hands-on experience with SIEM and XDR tools, including custom detection rule creation.
  • Experience building detections from telemetry/logs across various sources 
  • Experience in Threat Hunting and familiarity with endpoint, identity, and cloud telemetry sources.
  • Familiarity with MITRE ATT&CK, Unified Kill Chain and other relevant frameworks and threat modeling.
  • Strong understanding of cybersecurity principles, attack techniques, incident response and threat modeling

Preferred Qualifications

  • Experience with Microsoft Sentinel and KQL
  • Experience with Microsoft Defender XDR suite: Defender for Endpoint, Identity, Office 365, and Cloud Apps
  • Experience with SOAR tools
  • Prior involvement in Purple Team engagements 
  • Knowledge of scripting languages (PowerShell, Python)
  • Relevant certifications, such as BTL1, BTL2, GCIH, GMON, OSTH
  • Relevant Microsoft certifications (e.g., SC-200, AZ-500) are a plus

We offer:    

  • An exciting opportunity working together in a dynamic team, in a newly established cyber security company.      
  • A visible and significant role in Telenor Cyberdefence, where you have the opportunity to make an actual difference in society.     
  • A job in a diverse international group of companies with many career opportunities, where you will have the possibility to develop and grow professionally.   
  • Competitive compensation package.   
  • New and modern office at Telenor Fornebu or Grimstad

If you are ready to take on this exciting opportunity, apply now and join our team!     

Please send us your application. We will conduct interviews on an ongoing basis as we receive applications.

For more information about the position, please reach out to:

Linn Dehli, CHRO, linn.dehli@telenorcyberdefence.com


Tags: Automation Cloud GCIH Incident response MITRE ATT&CK Offensive security PowerShell Python Scripting Sentinel SIEM SOAR Strategy Threat detection Threat intelligence XDR

Perks/benefits: Competitive pay

Region: Europe
Country: Norway
