Java Security Testing Engineer
Job description
About the Role
In this role, you will serve as a senior contributor within the Information Security Engineering function, supporting large-scale, highly complex initiatives. You will analyze and solve multifaceted security challenges, design and mature detection capabilities, and consult with cross-functional partners to strengthen the organization's security posture. You will leverage deep expertise in threat detection engineering, cloud and on-premise telemetry, and attacker tradecraft to build high-fidelity detections and guide the full detection lifecycle, from requirements to decommissioning.
- Lead and contribute to complex Information Security Engineering initiatives with broad organizational impact.
- Review, analyze, and solve advanced security challenges involving multi-cloud, multi-tenant, or global-scale environments.
- Design, implement, tune, and maintain high-quality threat detections across SIEM, EDR/XDR, and cloud platforms.
- Map detections to MITRE ATT&CK, identify gaps, and propose improvements.
- Assess data quality, telemetry coverage, and log source onboarding needs to enhance detection capabilities.
- Collaborate strategically with engineering, SOC, platform, and infrastructure teams.
- Develop metrics, dashboards, and feedback loops supporting continuous detection quality improvement.
- Create runbooks, playbooks, and documentation for detection operations.
- Apply automation, scripting, and version-controlled workflows to streamline detection development and testing.
Requirements
- 5+ years of experience in Information Security Engineering, Threat Detection Engineering, Security Operations, or Incident Response.
- 3+ years specifically focused on writing, tuning, and managing threat detections.
- Demonstrated ownership of a detection lifecycle or detection engineering program (requirements, design, implementation, tuning, decommissioning).
- Proven success operating in large-scale or complex environments, such as multi-cloud, multi-tenant, or global enterprises.
- Equivalent experience from work, consulting, training, military service, or education is welcome.
Technical Skills
- Detection Engineering
  - SIEM (Splunk): advanced SPL expertise (searches, macros, data models, scheduled searches, alerting)
  - EDR/XDR (CrowdStrike Falcon): custom IOA rule authoring, tuning, and exclusion logic
  - Microsoft Security: Defender for Endpoint, Defender for Cloud Apps, Microsoft Sentinel / M365 Defender; strong KQL proficiency
  - Cloud Platforms: Azure (Log Analytics, Azure AD, Defender for Cloud, activity logs); Google Cloud Platform (Cloud Logging, Security Command Center, IAM, network telemetry)
- Ability to convert attacker TTPs into actionable detection logic across multiple ecosystems
Threat & Attack Expertise
- Deep familiarity with MITRE ATT&CK (Enterprise Matrix)
- Understanding of adversary behaviors, including phishing, ransomware, lateral movement, privilege escalation, data exfiltration, cloud account compromise, and identity abuse
- Experience conducting detection gap analysis based on emerging threats
- Knowledge of threat intelligence sources and operationalizing intel into detection content
Detection Fidelity & Quality
- Experience measuring and improving detection precision, recall, and signal-to-noise ratio
- Ability to plan and execute detection testing using simulations, red team findings, and adversary emulation tools
- Familiarity with testing frameworks such as Atomic Red Team, Caldera, and commercial breach & attack simulation tools
- Experience building metrics, dashboards, and SOC collaboration loops
- Creation and maintenance of runbooks/playbooks tied to detection alerts
Data Engineering & Telemetry
- Understanding of Windows events (including Sysmon), Linux logs, and network telemetry (NetFlow, firewall, DNS/proxy)
- Cloud-native logs for Azure, Google Cloud Platform, and AWS
- Identity and access logs (Azure AD, Okta, on-prem AD)
- Ability to evaluate log quality, coverage, and data onboarding requirements
- Experience working with engineering and platform teams to enable new log sources
Engineering & Automation
- Proficiency in scripting languages such as Python or PowerShell to support automation, testing, and enrichment
- Experience using Git for version control (branching, PRs, reviews)
- Familiarity with SDLC-style processes for detection content
- Knowledge of infrastructure-as-code or configuration-as-code concepts (preferred)