Detection Engineer - Google SecOps
Västra Frölunda, Sweden
Orange Cyberdefense
We are the leading security services provider, supporting your business globally with over 2,700 multi-disciplined experts close to you. We are seeking a skilled Detection Engineer – Google SecOps to enhance and develop detection methods for our CyberSOC services, focusing on defending against current and emerging threats. In this role, you will be instrumental in evolving our detection capabilities within Google SecOps, ensuring our security services remain robust, effective, and aligned with the latest threat landscape.
As a Detection Engineer, you will collaborate with Technical Delivery Managers, Lead Security Analysts, Service Owners, and other key stakeholders to refine our detection models, improve service quality, and deliver actionable intelligence to our security analysts. Your work will directly contribute to strengthening our Managed Threat Detection services and maintaining our position as a leader in cybersecurity.
Responsibilities:
- Continuously develop and refine detection models to enhance the capabilities and quality of our Google SecOps services.
- Monitor and analyze global threat indicators, providing actionable suggestions for improvement.
- Design and implement new detection rules and indicators to address high-severity global threats.
- Reduce false positives and improve the quality of information delivered to security analysts.
- Test and validate the detection capabilities of our services and related products.
- Maintain comprehensive documentation related to detection methods and supported services.
- Collaborate with cross-functional teams to track and elevate the development of our security services.
- Collaborate with Service Design teams to improve the process and technical aspects of the service, including threat detection, incident response, and compliance monitoring.
- Develop and optimize security automation workflows, reducing manual intervention.
- Automate detection, response, and remediation processes using SOAR and scripting.
Key Responsibilities – Strategic
- Continuously develop our detection models to improve capabilities and quality.
- Monitor the results of our indicators from a global perspective and provide suggestions for improvement.
- Increase the quality of information presented to analysts and improve efficiency of analysis of incidents.
- Collaborate with relevant stakeholders to improve service quality and track the development of our services.
Key Responsibilities – Tactical/Operational
- Develop new indicators for Managed Threat Detection services.
- Maintain and update our detection library.
- Gather and interpret statistics to determine potential improvements.
- Continuously test the detection capabilities of our services and related products.
- Maintain documentation related to detections and supported services.
Who you are:
You are a proactive, detail-oriented professional with a passion for cybersecurity and threat detection. You thrive in dynamic environments, enjoy tackling complex challenges, and are committed to delivering high-quality outcomes. A natural collaborator, you excel at working with diverse teams, providing insights that drive meaningful improvements. You are curious about emerging threats and technologies, and you take pride in staying ahead of the curve to protect our services and customers.
Additionally, you embody our core values:
- Technology-first approach
- Humble commitment
- Innovator
- Respect for people and commitment
- Simplicity in mind
- Trust in each other
We prefer that you have experience in the following areas:
- 3+ years of experience as a Security Analyst or equivalent Security roles.
- Deep understanding of Google Cloud Security services.
- Experience in creating and tuning Google SecOps detections.
- Hands-on experience with SIEM, SOAR, EDR, XDR, and/or threat intelligence tools.
- Knowledge of security frameworks and compliance standards (ISO 27001, NIST, CIS, GDPR).
- Solid understanding of common threats and TTPs, with prior experience working with the MITRE framework (whether through threat hunting or gap analysis).
- Ability to lead and collaborate across teams.
- Experience in Python development, including being able to analyze code and write applications and/or scripts.
Bonus
- Experience in using version control software and CI/CD for managing detection rules.
- Experience in developing and tuning detections in Sentinel, Defender and Cortex.
- Working with Infrastructure as Code using Terraform.
The story of Orange Cyberdefense
Orange Cyberdefense is Sweden’s leading company in cyber security. Our vision is to contribute to a safer digital society by fighting different kinds of cybercrime. We have about 3000 employees worldwide and 400 in Sweden. We offer our customers services within Anticipate, Identity, Protect, Detect and Respond.
At Orange Cyberdefense, we are all different but share the same passion, and that is our greatest strength. We are proud of our individual differences, experiences and histories, and we are convinced that we must include everyone to be able to offer solutions that protect everyone. That is why we always make sure to treat all applications equally.
Our offer
As an employee at Orange Cyberdefense, you will get the opportunity to work closely with some of the experts in the field and in an innovative and friendly company where we together contribute to the continued development of the company.
With the latest technology, customers in the Nordics region and a growing company supporting you, you are given the opportunity to create and contribute to a safer society.
Working at Orange Cyberdefense will give you the chance to develop both personally and professionally. New challenges are our favorite challenges. Orange Cyberdefense has an environment with a high rate of change and quick decision-making, combined with sensitivity to our employees. We believe that by providing an atmosphere where we try to have fun at work and love what we do, we will also get the best end results.
We look forward to receiving your application!