Threat Detection Engineer - SIEM and Cloud Security (GenAI)

Cisco
Municipality of Madrid, Spain
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Municipality of Madrid, Spain

Tech stack

Amazon Web Services (AWS)
Azure
Bash
Cloud Computing Security
Query Languages
Intrusion Detection and Prevention
Python
Open Source Intelligence
Powershell
Kusto Query Language
Security Information and Event Management
SQL Databases
Mitre Att&ck
Generative AI
Cyber Threat Analysis

Job description

The Threat Research and Detection Engineering (TRaDE) team is responsible for developing and maintaining the prebuilt detection logic shipped with Elastic Security, researching emerging threats, validating detection efficacy, and engaging with the global community to democratize defensive capabilities. We're looking for a Security Research Engineer II with strong security fundamentals, hands-on detection engineering experience, and an interest in validating and improving defensive protections. This role focuses on driving threat research and real telemetry into high-quality, reliable, high efficacy, detection content. What you'll be doing: This position centers on practical detection development and validation work across multiple data sources and attack surfaces. Responsibilities include writing and refining detection logic, validating rule behavior, and improving detection quality through telemetry analysis and testing. Key focus areas include: Creating and refining detection logic across multiple domains (endpoint, cloud, identity, network, web, and email) domains using Elastic data sources. Validating rule behavior through functional testing, false-positive review, and iterative tuning. Evaluating attack paths across domains and contributing to coverage improvements throughout the kill chain. Analyzing multi-source telemetry to uncover detection opportunities and strengthen signal-to-noise ratios. Supporting cloud security validation efforts for AWS, Azure, or GCP detections. Collaborating with senior researchers to test new detection approaches and incorporate emerging attacker techniques. Using lightweight simulation tools or scripted tests to generate telemetry and validate detection behavior. Participating in Elastic Security Labs efforts, detection package updates, documentation, or community knowledge sharing when appropriate! What you bring

Requirements

We're looking for candidates with experience in Generative AI Security and intimately understand MITRE ATLAS threat techniques and behaviors. Beneficial strengths include: Experience in detection engineering, threat research, SOC operations, incident response, or related blue-team roles. Understanding of core concepts across multiple domains. Ability to write or validate detections using EQL, KQL, SQL, or similar query languages. Familiarity with MITRE ATT&CK, MITRE ATLAS, and its application to mapping detection coverage. Strong analytical and problem-solving skills, especially around false positives and weak-signal detection logic. Clear, collaborative communication and willingness to learn from and partner with senior researchers. Bonus point desired experiences and interests: Understanding of the Elastic Security Solution, Elastic's prebuilt rules, Elastic query languages, or the Elastic Common Schema. Experience with exposure validation, security control testing, or attack path validation platforms. Ability to generate or script test telemetry using Python, Bash, PowerShell, or simple simulation tools. Contributions to community detection content, blogs, OSINT research, or security rule repositories.

Apply for this position