Threat Detection Engineer Job Riyadh area,Riyadh Region Saudi Arabia,IT/Tech

Threat Detection Engineer

Design high‑impact detection strategies, build powerful automation, and elevate SOC operations to a world‑class standard. Mentor rising cyber talent and collaborate with teams across threat intelligence, incident response, and platform engineering.

Advanced Threat Detection Engineering

Build high‑fidelity correlation rules and behavioral detections within the COGNNA security platforms.
Translate adversary TTPs from MITRE ATT&CK, threat intel, and vulnerability data into actionable logic.
Identify detection gaps and introduce new data sources to cover evolving threat landscapes.
Automate detection testing and maintain detection quality over time.

Platform Engineering & Optimization

Lead architecture and optimization of XDR, SIEM, and SOC tech stacks for scale and resilience.
Streamline log ingestion pipelines from parsing to normalization and enrichment.
Build scripts and automations in Python and Power Shell to enhance SOC efficiency.
Integrate tools across the SOC stack to enable seamless workflows and response.

Threat Hunting & Incident Response

Collaborate with intel and IR teams to enrich detection use cases and support threat hunts.
Provide Tier‑3 support for incident investigations and post‑mortem analysis.

Mentorship & SOC Maturity

Improve SOC playbooks, SOPs, and detection engineering workflows.
Stay updated on global and regional threats and evolve detection accordingly.
Ensure compliance alignment e.g. NCA, ECC, SAMA, CSF.

Impact that Matters

Build products that shape the future of cybersecurity and protect organizations globally.

On‑Site Collaboration

Work in the Riyadh office, collaborating side by side with passionate experts.

Continuous Growth

Access to certifications, trainings, and opportunities to sharpen your expertise. Benefit from our ESOP program and grow with COGNNA’s success.

Culture of Trust

We empower talent, encourage ownership, and celebrate real outcomes.

Qualifications

Bachelor’s in Computer Science, Cybersecurity, or related field.
Hands‑on expertise in developing and maintaining complex detection use cases.
Strong understanding of attacker behavior, incident response fundamentals, and digital forensics.

Technical Skills (Power User)

SIEM:
Expert in SIEM queries (SPL, KQL, Lucene), rule tuning, UEBA, and scaling.
EDR:
Deep knowledge of EDR tools and endpoint detection tactics.
Network Security:
Pro at packet analysis (Wireshark), IDS/IPS, and Net Flow.
Scripting:
Advanced skills in Python and/or Power Shell for automation and integration.
OS Internals:
Mastery of Windows/Linux/macOS logging, artifacts, and forensic value.
Threat Intelligence:
Skilled in turning threat intel into real‑time detection logic.
Cloud Security:
Strong command of monitoring IaaS, PaaS, and SaaS environments.

Certifications (Highly Preferred)

SANS GIAC (GDAT, GMON, GCIA, GCTI, GCIH)
Offsec (OSDA)
INE (eCTHP, eCIR)(ISC)
CISSP, CSSLP

Soft Skills

Exceptional analytical thinking and creative problem‑solving.
Excellent communication (English & Arabic), including technical reporting.
Strong mentorship abilities and a collaborative spirit.
Self‑motivated, focused, and passionate about cyber defense.
Capable of juggling priorities under high‑pressure situations.

#J-18808-Ljbffr