Detection and Intelligence Fusion Specialist

To lead client engagements and drive service delivery in Detection Engineering, Cyber Threat Intelligence (CTI), and Digital Risk Protection (DRP). The specialist also contributes to service development and represents the MSSP as a subject matter expert during client engagements.

• Maintain awareness of emerging threats to design proactive detection strategies that address evolving attack techniques by creating strategic, tactical, and operational threat intelligence reports.
• Drive mapping of client detection coverage against adversary TTPs and provide strategic gap‑closure plans.
• Serve as the senior point of contact for client engagements related to detection engineering, CTI, and DRP service delivery.
• Deliver executive‑level briefings, detection roadmaps, and threat intelligence exercises tailored to client business and regulatory contexts.
• Provide support during client incidents, offering threat context and detection enhancements.
• Develop IOCs, IOBs, and threat‑hunting packages as deliverables to clients.
• Monitor, triage, analyze, and report CTI and DRP alerts as well as takedown and RFI requests to clients.
• Mentor and guide DIF analysts and specialists in detection engineering, CTI, DRP, and client delivery.
• Contribute to the team’s methodologies and processes for service‑delivery improvement requirements.

• Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or related field.
• Related cybersecurity professional certificates/licenses are a plus.
• 2 years of experience in cybersecurity with at least 1 year focusing on detection engineering, cyber threat intelligence, and/or digital risk protection.
• Deep experience with SIEM, XDR, and threat intelligence platforms.
• Advanced skills in developing and optimizing detection logic, YARA, Sigma, Regex, and behavioral analytics.
• Experience in adversary tradecraft, malware behavior, and detection evasion techniques.
• Expertise in threat intelligence consumption, enrichment, and operationalization.
• Experience with detection and intelligence performance metrics.
• Exposure to frameworks such as MITRE ATT&CK, Diamond Model, Cyber Kill Chain, STIX, and TAXII.
• Strong ability to present to both technical and executive stakeholders.
• Ability to lead workshops, assessments, and detection or CTI strategy engagements.
• Excellent analytical, problem‑solving, and decision‑making skills under pressure.
• Ability to work collaboratively in a team environment and foster strong relationships with stakeholders.
• Strong project management skills and ability to prioritize and manage multiple initiatives simultaneously.