Defensive Security

Detection Engineer.

Location: Spain (Hybrid/Remote, Barcelona)
Employment: Full-time
Team: Defensive Security

You think like an attacker and build like a defender. At DEFION, you transform real Red Team findings into detection rules that actually catch threats in production.

About the role

Where offense meets defense

DEFION has been protecting organizations since 2005. Our Detection Engineering team sits at the intersection of offense and defense: you take findings from real attacker simulations and Red Team exercises and translate them into detection rules that work across SIEM, EDR, and XDR platforms.

You will not just consume threat intelligence; you will generate it and apply it. You work in a multidisciplinary team alongside Red Teamers, Blue Teamers, and threat hunters in our Barcelona office (or remotely).

What you will do

  • Design, develop, and fine-tune detection rules in SIEM, EDR, and XDR platforms (Sentinel, CrowdStrike, Cortex, Splunk, and more)
  • Analyze results from attacker simulations to identify weaknesses in security controls
  • Develop detection and mitigation strategies for emerging threats using MITRE ATT&CK
  • Automate and optimize processes with Python, PowerShell, and Bash scripts

What you bring

Must have:

  • 1-2 years of experience as a Detection Engineer or SOC Analyst creating/optimizing alerts in SIEM/EDR
  • Knowledge of KQL (Kusto Query Language) and/or CQL (CrowdStrike Query Language)
  • Deep knowledge of Windows logs, telemetry, and event analysis for proactive threat detection
  • Strong understanding of adversary TTPs based on MITRE ATT&CK
  • Scripting skills in Bash, Python, or PowerShell
  • Knowledge of Windows and Linux system administration, TCP/IP, DHCP, DNS
  • Purple-team mindset: think like an adversary, enhance defensive capabilities
  • Clear communication in English for international team collaboration

Nice to have:

  • Cybersecurity certifications or a master's degree in a related field
  • Degree in Engineering, Cybersecurity, or related field

What we offer

Why you will love working here

Red + Blue collaboration

Work closely with Red Team and Blue Team. Access to EDR, SIEMs, threat intelligence, and more.

Continuous training

Internal and external training, certifications, and annual conference attendance.

Career plan

A personalized professional development plan tailored to your interests and growth goals.

Barcelona office or remote

Flexible remote work or a comfortable office in central Barcelona. Reduced summer hours.

Health + benefits

Private health insurance, flexible compensation (meals, transport, childcare, training).

International team

Young, dynamic, and international team with an excellent work environment and work-life balance.

Apply now

Send your CV and motivation. We respond within 3 business days.

By applying you agree to our privacy policy.