Detection Engineer

Barcelona, Spain

Location: Hybrid / Remote
Employment: Full-time
Team: Detection Engineering

ABOUT DEFION

At DEFION, we have been protecting organizations with advanced cybersecurity solutions since 2005. We are a leading provider of incident response, digital forensics, managed security services, threat intelligence, and offensive security engagements (Red and Purple Team).
Our technical team is made up of highly qualified professionals with hands-on experience in complex and critical environments. We work with cutting-edge technology, agile methodologies, automation, and a collaborative approach that fosters both technical and professional growth.

With an international presence and rapid growth, DEFION is committed to talent, continuous training, and career development. Here you won't just consume threat intelligence: you will generate it and turn it into effective detections. You will work in a multidisciplinary team, transforming findings from real offensive security engagements into detection rules.

BACKGROUND

As part of our Detection Engineering and MDR-Extended service, we are looking for candidates with experience in creating detection rules (EDR/XDR/SIEM), behaviour-based detection, and TTP analysis. If you are passionate about designing detections that make a difference, DEFION is looking for you.

FUNCTIONS AND RESPONSIBILITIES

As a Detection Engineer, you will play a key role in strengthening our clients’ security posture. You will apply your knowledge of adversarial tactics and techniques to design and develop advanced detection rules that enable effective identification and response to security threats. Your responsibilities will include:

  • Designing, developing, and fine-tuning detection rules in SIEM, EDR, and XDR platforms to improve threat detection and incident response capabilities.
  • Analyzing the results of adversary simulations (Red and Purple Team exercises) to identify detection gaps and weaknesses in security controls.
  • Developing detection and mitigation strategies for emerging threats.
  • Automating and optimizing processes by creating tools and scripts that streamline security assessments and reporting.

REQUIREMENTS

  • Degree in Engineering, Cybersecurity, or a related field, or demonstrable equivalent professional experience.
  • 1–2 years of experience as a Detection Engineer, or as a SOC Analyst who has created and/or tuned alerts in SIEM and/or EDR platforms, with working knowledge of Microsoft's Kusto Query Language (KQL) and/or CrowdStrike Query Language (CQL).
  • Deep knowledge of Windows logging and telemetry (event logs, EDR sensor data) and of analyzing those events to identify adversary tactics and techniques for proactive threat detection.
  • Strong understanding of adversary Tactics, Techniques and Procedures (TTPs), based on MITRE ATT&CK.
  • Experience with SIEM and EDR platforms such as Microsoft Sentinel, CrowdStrike, Cortex, Splunk, Elastic (ELK), LogRhythm, QRadar, Chronicle, or Wazuh, among others.
  • Scripting skills (Bash, Python, PowerShell) to automate tasks and develop tools.
  • Knowledge of Windows and UNIX/Linux system administration.
  • Solid understanding of networks and communication protocols, including TCP/IP, DHCP, DNS, and other fundamental protocols.
  • Purple-team mindset: the ability to think like an adversary (Red Team) while enhancing defensive capabilities (Blue Team).
  • Ability to communicate clearly and effectively in English in technical environments and with international teams.
  • Analytical, organizational, and creative skills, with attention to detail, the ability to detect anomalies, and to solve complex problems.
  • Specialized training, such as cybersecurity certifications or a master's degree, will be a plus.

WHAT WE OFFER

  • Being part of an international, young, and dynamic team with an excellent working environment.
  • Close collaboration with the Red Team and the Blue Team to stay up to date on real-world attacks and the latest adversary techniques, plus access to a range of detection technologies (EDR, SIEMs, threat intelligence, and other security tools).
  • Continuous internal and external training to keep you always up to date (certifications and attendance at annual conferences).
  • A personalized professional career plan tailored to your interests and development, ensuring your growth within the company.
  • Flexibility for remote work or access to comfortable offices in Barcelona.
  • Work–life balance benefits.
  • Reduced working hours in summer.
  • Flexible Compensation Plan, including benefits such as meal card, transport, childcare, and training.
  • Private health insurance.

Apply

Upload your CV in .pdf format (max. 1MB)