Security & Detection Engineering Manager

The Security & Detection Engineering Manager is responsible for owning and leading the detection engineering and security platform strategy across a multi-SIEM, multi-tenant MSSP environment.

This role governs detection architecture, ATT&CK coverage, platform interoperability, multi-tenant isolation, cost engineering, quality assurance and automation governance across a hybrid tooling environment.

Requirements

Detection Strategy & Architecture
  • Define and maintain a 12-24 month Detection Engineering Roadmap.
  • Own the adversary-aligned detection strategy mapped to MITRE ATT&CK.
  • Establish detection maturity targets per platform and service tier.
  • Maintain a centralised detection content abstraction model (e.g., Sigma or an internal DSL).
  • Govern the detection lifecycle: design, validation, deployment, tuning, retirement.
  • Prevent detection sprawl and duplication across platforms.

MITRE ATT&CK Coverage Governance
  • Maintain a formal ATT&CK coverage matrix.
  • Track and report coverage percentage by tactic and technique.
  • Conduct quarterly coverage gap analysis.
  • Validate detection coverage through simulation and adversary emulation exercises.
  • Produce ATT&CK coverage reporting for executive leadership and audit functions.

Multi-Tenant Detection Governance
  • Define detection inheritance and baseline models across tenants.
  • Govern tenant-level tuning while preserving engineering consistency.
  • Enforce strict cross-tenant rule isolation and data scoping controls.
  • Maintain metadata-only forwarding controls where required by data sovereignty models.
  • Prevent cross-tenant configuration contamination.
  • Maintain version control and tenant-level detection lineage.

Platform Interoperability & Schema Governance
  • Own the cross-platform detection portability strategy.
  • Govern schema alignment across a multi-SIEM environment.
  • Define translation and normalisation pipelines.
  • Ensure detection parity across supported platforms.
  • Govern ingestion mapping and telemetry integrity.

Cost Engineering & Optimisation
  • Own the ingestion efficiency model and cost-per-GB governance.
  • Monitor cost per alert generated.
  • Optimise retention tiers (hot/warm/cold), query performance and rule execution frequency.
  • Define and track detection efficiency (signal-to-noise ratio).
  • Contribute to platform licensing and cost optimisation decisions.

Detection Quality Assurance Framework
  • Establish a formal detection QA process including peer review prior to deployment, a pre-production validation environment, false positive regression testing and simulation-based testing.
  • Implement a detection health scoring system.
  • Track detection decay and stale logic.
  • Maintain detection change traceability.

Continuous Service Improvement
  • Establish a structured SOC-to-Engineering feedback loop.
  • Conduct regular analyst review sessions.
  • Track false positive patterns and alert fatigue metrics.
  • Maintain closed-loop improvement tracking.
  • Continuously improve detection fidelity and SOC effectiveness.
  • Conduct post-incident detection and control gap analysis.

Automation & Response Engineering Governance
  • Govern SOAR and response automation across platforms.
  • Define a tiered automation model (manual / assisted / autonomous).
  • Establish human-in-the-loop controls for high-risk actions.
  • Enforce automation regression testing and version control.
  • Monitor automation success and failure rates.

Preventative Control Operationalisation & Validation
  • Implement Security Architect-approved hardening baselines (CIS-aligned).
  • Operationalise secure configuration standards across endpoints, identity platforms, cloud environments and network security controls.
  • Monitor configuration drift and control degradation.
  • Integrate preventative control telemetry into SIEM and detection pipelines.
  • Validate control effectiveness using detection and incident data.
  • Provide structured feedback to the Security Architect on control performance gaps.
  • Support exposure reduction initiatives through engineering execution.

Compliance & Audit Evidence Ownership
  • Maintain a full audit trail for detection changes.
  • Provide evidence for ISO 27001, NIST CSF and regional regulatory audits.
  • Maintain detection version history.
  • Ensure automated response actions are logged and traceable.
  • Maintain control compliance dashboards and operational metrics.
  • Provide ATT&CK coverage documentation to auditors.

Engineering Leadership & Capability Development
  • Define a detection engineering competency framework.
  • Mentor and develop Detection Engineers and SIEM Engineers.
  • Establish a certification roadmap (Elastic, Microsoft, Google).
  • Implement technical performance scorecards.
  • Develop succession planning and redundancy controls.
  • Maintain backlog governance and engineering delivery cadence.

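
Three of the responsibilities above (governing the detection lifecycle, preventing rule sprawl, and tracking ATT&CK coverage by tactic) meet in a single detection-as-code gate that runs in CI before any Sigma rule is translated to a platform. The block below is an added example written for this page, not code from the posting or from any Sigma, Elastic, Microsoft or Google tooling; the rules, the tracked-technique scope, the required-field list and the lint checks are constructed assumptions:

```python
"""Detection-as-code gate for Sigma rules (added example, not the posting's or any vendor's code).
Lints each rule, flags duplicate logic (detection sprawl) and scores ATT&CK coverage by
tactic.  Rules and the tracked-technique scope are constructed for this illustration."""
import hashlib, json, re, uuid
from collections import defaultdict

REQUIRED_FIELDS = ("title", "id", "status", "logsource", "detection", "level", "tags")
VALID_STATUS = {"stable", "test", "experimental", "deprecated", "unsupported"}
TECHNIQUE_TAG = re.compile(r"^attack\.t\d{4}(\.\d{3})?$")  # e.g. attack.t1059.001
TACTIC_TAG = re.compile(r"^attack\.[a-z_]+$")              # e.g. attack.execution

# Constructed coverage scope: technique -> tactic it is tracked under.  A real matrix is
# built from the ATT&CK STIX bundle, where some techniques sit under several tactics.
TRACKED_TECHNIQUES = {
    "t1059.001": "execution", "t1059.003": "execution",              # PowerShell, cmd.exe
    "t1078": "initial_access",                                       # Valid Accounts
    "t1110": "credential_access", "t1003.001": "credential_access",  # Brute Force, LSASS
    "t1021.001": "lateral_movement",                                 # RDP
}

# Constructed rules, in the shape yaml.safe_load() returns for a Sigma file.
RULES = [
    {"title": "Encoded PowerShell Command Line", "id": "5c7e8a2e-6b1f-4c3a-9d2e-1f0a7b6c5d4e",
     "status": "stable", "level": "high",
     "logsource": {"product": "windows", "category": "process_creation"},
     "detection": {"selection": {"Image|endswith": "\\powershell.exe", "CommandLine|contains": " -enc"},
                   "condition": "selection"},
     "tags": ["attack.execution", "attack.t1059.001"]},
    # Same logic re-authored under a new id, keys in another order: sprawl.
    {"title": "Suspicious Encoded PowerShell (copy)", "id": "0b9d2f44-3a6e-4f1c-8e7b-2c5d1a9f3e60",
     "status": "test", "level": "high",
     "logsource": {"category": "process_creation", "product": "windows"},
     "detection": {"condition": "selection",
                   "selection": {"CommandLine|contains": " -enc", "Image|endswith": "\\powershell.exe"}},
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "Failed Logon Burst", "id": "7a1c3e5f-9b2d-4e6f-a8c0-3d5e7f9a1b2c",
     "status": "stable", "level": "medium",
     "logsource": {"product": "windows", "service": "security"},
     "detection": {"selection": {"EventID": 4625}, "condition": "selection"},
     "tags": ["attack.credential_access", "attack.t1110"]},
    # Placeholder id and no level: blocked by lint, so it covers nothing.
    {"title": "LSASS Memory Access", "id": "TBD", "status": "experimental",
     "logsource": {"product": "windows", "category": "process_access"},
     "detection": {"selection": {"TargetImage|endswith": "\\lsass.exe"}, "condition": "selection"},
     "tags": ["attack.credential_access", "attack.t1003.001"]},
    # Tactic tag only: cannot be placed on the matrix.
    {"title": "Interactive RDP Logon", "id": "e4d2c0a8-6f1b-4d3e-9a7c-5b8e2f0d1c3a",
     "status": "test", "level": "low",
     "logsource": {"product": "windows", "service": "security"},
     "detection": {"selection": {"EventID": 4624, "LogonType": 10}, "condition": "selection"},
     "tags": ["attack.lateral_movement"]},
]


def lint_rule(rule: dict) -> list:
    """Findings that block deployment; an empty list means the rule is clean."""
    findings = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in rule]
    try:
        uuid.UUID(str(rule.get("id", "")))
    except ValueError:
        findings.append("id is not a UUID")
    if rule.get("status") not in VALID_STATUS:
        findings.append(f"unknown status: {rule.get('status')!r}")
    tags = rule.get("tags", [])
    if not any(TECHNIQUE_TAG.match(t) for t in tags):
        findings.append("no ATT&CK technique tag (attack.tXXXX)")
    if not any(TACTIC_TAG.match(t) for t in tags):
        findings.append("no ATT&CK tactic tag")
    return findings


def logic_fingerprint(rule: dict) -> str:
    """Hash of logsource + detection with sorted keys: the same logic under another
    title, id or key order collapses to one fingerprint."""
    canonical = json.dumps({"logsource": rule.get("logsource"), "detection": rule.get("detection")},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def find_duplicate_logic(rules: list) -> dict:
    """Fingerprint -> titles of rules that share identical logic (sprawl candidates)."""
    groups = defaultdict(list)
    for rule in rules:
        groups[logic_fingerprint(rule)].append(rule["title"])
    return {fp: titles for fp, titles in groups.items() if len(titles) > 1}


def attack_coverage(rules: list, tracked: dict = TRACKED_TECHNIQUES) -> dict:
    """Per-tactic coverage.  Only lint-clean rules count: a rule that cannot be
    deployed covers nothing, whatever its tags claim."""
    covered = set()
    for rule in rules:
        if not lint_rule(rule):
            covered.update(t[len("attack."):] for t in rule["tags"] if TECHNIQUE_TAG.match(t))
    stats = defaultdict(lambda: {"tracked": 0, "covered": 0})
    for technique, tactic in tracked.items():
        stats[tactic]["tracked"] += 1
        stats[tactic]["covered"] += technique in covered
    for s in stats.values():
        s["pct"] = round(100 * s["covered"] / s["tracked"], 1)
    return dict(stats)
```

On the constructed set the gate reports execution and credential_access at 50% each and the other two tactics at 0%, flags the two encoded-PowerShell rules as one fingerprint, and blocks the placeholder-id rule and the tactic-only rule. Counting coverage only over lint-clean rules is the design point: a rule that cannot ship must not inflate the number reported to leadership or auditors. In a real pipeline the tracked scope comes from the ATT&CK STIX data and the rules from the repository via yaml.safe_load().
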
Technical Requirements

Platform Expertise (Required)

  • Elastic Security (EQL, index lifecycle, ECS governance)
  • Microsoft Defender XDR & Sentinel (KQL, ASIM)

Platform Expertise (Desired)

  • Google SecOps (UDM schema, detection engineering)
  • BindPlane (log routing and telemetry aggregation architecture)

Detection Engineering

  • Behaviour-based detection design
  • Correlation engineering
  • Sigma rule governance
  • Detection-as-code practices
  • ATT&CK mapping and coverage measurement

Automation & Engineering

  • SOAR workflow design
  • Python / PowerShell scripting
  • CI/CD for detection content
  • API integrations (REST/JSON)
  • Infrastructure-as-Code fundamentals

Preventative Control Engineering

  • Implement and operationalise architect-approved hardening baselines (CIS-aligned) across endpoint, identity, cloud and network environments.
  • Monitor configuration drift and validate control effectiveness using telemetry integrated into SIEM platforms.
  • Enforce tenant-level configuration isolation and prevent cross-tenant control contamination in multi-tenant environments.
  • Translate architectural security controls into enforceable technical configurations and measurable compliance outcomes.
  • Maintain automated control validation, regression testing and compliance-ready reporting for regulatory and audit purposes.

Data & Schema Governance

  • Log normalisation and parsing
  • Schema conformity validation
  • Ingestion health monitoring
  • Data completeness validation

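
The schema governance skills above (normalisation and parsing, schema conformity validation, completeness validation) are what produce the schema conformity percentage and ingestion failure rate tracked as KPIs. The block below is an added example written for this page, not the posting's code or any vendor's pipeline: it maps a constructed set of Windows 4688 process-creation records onto ECS dotted paths, then scores each document against a constructed per-data-stream field contract. The field map, the contract, the sample records and the winlog.raw namespace used for unmapped fields are all assumptions.

```python
"""ECS normalisation and schema-conformity scoring (added example, not the posting's code).
Maps a vendor's flat fields onto ECS dotted paths, then scores each document against a
per-data-stream field contract.  Field map, contract and records are constructed."""
from collections import Counter
from datetime import datetime, timezone

# Constructed vendor -> ECS field map for Windows 4688 process-creation records.
FIELD_MAP = {
    "TimeCreated": "@timestamp", "Computer": "host.name", "SubjectUserName": "user.name",
    "NewProcessName": "process.executable", "CommandLine": "process.command_line",
    "EventID": "event.code",
}
# Constructed conformity contract: ECS path -> type the detections depend on.
CONTRACT = {
    "@timestamp": str, "event.code": str, "event.category": list, "host.name": str,
    "user.name": str, "process.executable": str, "process.command_line": str,
}
# Constructed raw records; the gaps and the epoch timestamp are deliberate.
RAW_EVENTS = [
    {"TimeCreated": "2026-03-01T10:15:22Z", "Computer": "ws01.corp.example", "SubjectUserName": "alice",
     "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -enc SQBFAFgA", "EventID": 4688},
    {"TimeCreated": "2026-03-01T10:16:01Z", "Computer": "ws02.corp.example", "SubjectUserName": "bob",
     "NewProcessName": "C:\\Windows\\System32\\cmd.exe", "EventID": 4688},  # no command-line auditing
    {"TimeCreated": "2026-03-01T10:16:40Z", "Computer": "srv01.corp.example",   # subject user dropped
     "NewProcessName": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "svchost.exe -k netsvcs",
     "EventID": 4688},
    {"TimeCreated": 1772360122000, "Computer": "ws03.corp.example", "SubjectUserName": "carol",  # epoch ms
     "NewProcessName": "C:\\Windows\\System32\\whoami.exe", "CommandLine": "whoami /all", "EventID": 4688},
    {"TimeCreated": "2026-03-01T10:18:05Z", "Computer": "ws01.corp.example", "SubjectUserName": "alice",
     "NewProcessName": "C:\\Windows\\System32\\net.exe", "CommandLine": "net group \"Domain Admins\" /domain",
     "EventID": 4688},
]


def set_path(doc: dict, path: str, value) -> None:
    """Write value at an ECS dotted path, creating intermediate objects."""
    parts = path.split(".")
    for part in parts[:-1]:
        doc = doc.setdefault(part, {})
    doc[parts[-1]] = value


def get_path(doc: dict, path: str):
    """Read an ECS dotted path; None when any segment is absent."""
    for part in path.split("."):
        if not isinstance(doc, dict) or part not in doc:
            return None
        doc = doc[part]
    return doc


def normalise(raw: dict) -> dict:
    """Translate one vendor record into an ECS document.  Unmapped fields are kept
    under winlog.raw.* (an assumed namespace) rather than dropped, so nothing is lost silently."""
    doc = {}
    for key, value in raw.items():
        target = FIELD_MAP.get(key, f"winlog.raw.{key}")
        if target == "@timestamp" and isinstance(value, (int, float)):  # epoch ms from some collectors
            value = datetime.fromtimestamp(value / 1000, tz=timezone.utc).isoformat().replace("+00:00", "Z")
        elif target == "event.code":                                    # ECS event.code is a keyword
            value = str(value)
        set_path(doc, target, value)
    set_path(doc, "event.kind", "event")
    set_path(doc, "event.category", ["process"])
    set_path(doc, "event.type", ["start"])
    exe = get_path(doc, "process.executable")
    if isinstance(exe, str) and exe:
        set_path(doc, "process.name", exe.rsplit("\\", 1)[-1])
    return doc


def validate(doc: dict) -> list:
    """Contract failures for one document; an empty list means it conforms."""
    failures = []
    for path, expected in CONTRACT.items():
        value = get_path(doc, path)
        if value is None or value == "":
            failures.append(f"missing {path}")
        elif not isinstance(value, expected):
            failures.append(f"{path} is {type(value).__name__}, expected {expected.__name__}")
    return failures


def conformity_report(raw_events: list) -> dict:
    """Conformity percentage plus a per-failure histogram: the two numbers an
    ingestion-health dashboard needs to show which source or parser is broken."""
    results = [validate(normalise(e)) for e in raw_events]
    conformant = sum(1 for r in results if not r)
    return {"events": len(results), "conformant": conformant,
            "conformity_pct": round(100 * conformant / len(results), 1),
            "failures": dict(Counter(f for r in results for f in r))}
```

On the constructed records the report is 60% conformant, with one document missing process.command_line (command-line auditing not enabled on the host) and one missing user.name (dropped by the collector). The epoch-millisecond timestamp is repaired in normalisation rather than flagged, which is the split a practitioner wants: known, safe transformations belong in the pipeline, and anything left over is a completeness failure that should be attributed to a source and fixed there, since a detection keyed on process.command_line is silently blind to the hosts producing those records.
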
Experience Requirements

  • 7+ years in security engineering or detection engineering
  • 2+ years in technical leadership or management
  • Experience in MSSP or multi-tenant SOC environments
  • Proven experience with at least two of: Elastic, Microsoft Security Suite, Google SecOps
  • Experience implementing ingestion frameworks (BindPlane or equivalent, or native collectors)

Key Performance Indicators

Detection Effectiveness
  • ATT&CK coverage percentage
  • Detection fidelity score
  • False positive rate
  • Missed detection rate
  • Detection decay rate

Operational Performance
  • Mean Time to Detect (MTTD)
  • Mean Time to Respond (MTTR)
  • Detection deployment lead time
  • Detection retirement cycle time

Cost & Efficiency
  • Cost per GB ingested
  • Cost per alert generated
  • Query efficiency score
  • Storage optimisation ratio

Quality & Governance
  • Detection QA pass rate
  • Automation success rate
  • Automation failure rate
  • Schema conformity percentage
  • Ingestion failure rate

Engineering Leadership
  • Backlog delivery velocity
  • Certification completion rate
  • Cross-platform detection parity percentage

© 2026 Qureos. All rights reserved.