Job Description:Job Title: Detection Engineer

Description**:

• As a Detection Engineer, your primary mission is to research, design, and build advanced detection logic to protect the Airbus ecosystem. You will move beyond simple alert monitoring to proactively identify gaps in our** Detection Coverage and create robust "Detection as Code" solutions. You will be part of the Detection & Response (D&R)team, ensuring our defenses evolve as fast as the threat landscape.
  The Mission Research & Develop: Proactively research threat actor TTPs (Tactics, Techniques, and Procedures) and Understand how they are being used in an Attack and emulate the scenario to convert them into actionable detection rules.

Detection as Code: Utilize CI/CD frameworks to deploy, test, and maintain detection logic and have an Automation mindset for smooth functioning of the CI/CD Pipeline.Adversary Emulation: Mimic real-world attacks in a lab environment to validate that our sensors and alerts actually work, identify the coverage Gap understand the Emulation Output and and create a detection for same.Continuous Defensive Evolution: To partner with the Detection & Response (D&R) team to ensure our defensive capabilities evolve at the speed of the threat landscape, hardening the organization against emerging risks also Map the Detection capability accurately with MITRE ATT&CK framework to identify and close blind spots.

Qualification & Experience:

• Education: Bachelor’s degree in Computer Science, Cybersecurity, or a related technical field.
• **Experience:**4 to 8+ years of experience specifically in Detection Engineering, Threat Hunting, or Advanced SOC Analysis (L3).
• Core Technical Skills: Deep knowledge of Windows, Unix/Linux, and Cloud (AWS/GCP) telemetry.
• Proficiency in Splunk SPL and experience with Splunk Enterprise Security.
• Familiarity with detection standards: Sigma, YARA, Snort, or STIX/TAXII.
• Strong understanding of the MITRE ATT&CK framework.
• Some Experience towards Adversary Emulation and Simulation.
• Research Oriented mindset to understand the latest attacks, TTPs used into the same and test the controls against the same through Simulation and build the Detections.
• Preferred: Certifications like OSCP, GCIA, GDAT, or Splunk Power User/Admin.
• Mindset: A "purple team" mentality—understanding how to attack in order to better defend.

Key Responsibilities

• Threat Research: Analyse latest threats and APT behaviours to improve the security detection posture.
• Rule Engineering: Build and maintain security detections using a Git-based CI/CD framework.
• Validation: Perform adversary emulation to test the efficacy of security controls and detection logic.
• Testing: Develop specific test cases and regression tests to ensure detection reliability and reduce false positives.

Emulation and Simulation:

• Emulate and Simulate the scenarios against real telemetry to identify the behaviour and output and convert the same as a robust Detection.
• Collaboration: Work with the Use Case Factory (UCF) and Business stakeholders to refine detection requirements.
• Documentation: Produce high-quality technical documentation for each detection, including the "logic" behind the alert and recommended response steps for SOC analysts.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Airbus India Private Limited:

Employment Type:

Permanent

Experience Level:

Professional

Job Family:

Cyber Security

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.