Detection Engineer

We’re looking for a Detection Engineer to join our Customer Experience, Research, and Training (CERT) team and take ownership of the hard part of detection engineering. You’ll be the technical specialist who takes detection logic out of the lab and proves it in the wild, validating, tuning, and operationalising detections inside real customer environments where the stakes are real. Working closely with and reporting to the Lead Detection Engineer, you’ll ensure the detections we ship are investigation-ready, operationally effective, and grounded in how adversaries actually behave—not how we wish they did. If you’re excited by the challenge of turning real attacker behaviour into detections that actually catch them, and enjoy bridging the gap between research and real-world operations, we’d love to hear from you. + What you’ll do Build, validate, and sharpen detection logic based on live investigative research and emerging threats Pressure-test detections against real-world telemetry — not synthetic test data Partner directly with Product Engineering to push high-confidence detections and investigative insights into Binalyze AIR, so the platform evolves at the speed of the threat landscape Turn what we learn from attackers this week into detection capability next week + What Good Looks Like By 3 months: Onboarded with CERT, Product, and Engineering; baseline understanding of Binalyze AIR detection coverage, customer telemetry patterns, and the current detection backlog; validated and tuned a first set of detections in for at least one product type; first structured feedback delivered to CERT on detection efficacy. By 6 months: Established subject-matter ownership of at least one attacker-technique area; consistent flow of validated detection improvements landing in Binalyze AIR; recognised technical escalation point during complex customer investigations; trusted partner to Solutions Consulting and Forward Deployed Security Architects (FDSA) on detection-related engagements. By 12 months: Measurable improvement in detection quality and investigative signal across the portfolio; faster validation of detections in real customer environments; reduced friction during investigations involving detection logic; demonstrable influence on detection-related roadmap decisions; positive feedback from Solutions Consulting, FDSA, and Product teams. + What we're looking for Education and Experience: Education: Bachelor’s degree in Computer Science, Cybersecurity, or related field; or equivalent professional experience. Experience: Strong background in cybersecurity investigations, detection engineering, threat hunting, or security operations Hands-on experience developing, validating, and tuning detections in live or production environments Practical experience with detection and analysis technologies such as YARA, Sigma, SQL, and Python Familiarity with reverse engineering, malware analysis, or deep artifact analysis to support detection development Deep understanding of attacker techniques, tradecraft, and investigative workflows across endpoint, network, and cloud environments Ability to translate technical findings into clear, actionable feedback for Product and Engineering teams Preferred/Desirable: DFIR, SOC, or threat detection background in enterprise environments Experience contributing detections to security platforms or products Familiarity with endpoint, log, or telemetry-based detection systems Experience working in fast-moving, customer-facing security roles Skills & Behaviours Skills: Technical skills: You develop, validate, and tune detection logic using YARA, Sigma, SQL, and Python in real production environments. Detection engineering: You design detections grounded in investigator workflows and attacker tradecraft — not abstract theory — and refine them continuously based on real customer outcomes. Communication: You translate complex technical findings into clear, actionable feedback for Product and Engineering teams. Relationship building: You partner with customers, Solutions Architecture, and Field CIROs without losing technical rigor or investigative depth. Data-driven: You ground detection decisions in real telemetry, attacker behavior, and investigative outcomes — not theory. Project management: You manage multiple concurrent detection workstreams across live engagements and product integration without dropping signal. AI & Automation Fluency: Advanced. You design and build AI-powered automation systems across functions with a focus on business impact. You are expected to operate at Game Changer level on the Binalyze AI Fluency Matrix. Behaviours: Adaptability: You work comfortably with ambiguity and shifting attacker landscapes. You make calls with incomplete information and adjust as evidence emerges. Initiative: You identify detection gaps and investigative friction points without being asked. You don't wait for a brief. Collaborative: You work across CERT, Product, and Engineering as equal partners, sharing credit and surfacing tradeoffs honestly. Growth mindset: You treat every customer investigation as a chance to sharpen your detection craft and your understanding of attacker behavior. Remote working: You are effective at working asynchronously across time zones. You communicate proactively in writing (Slack, Confluence) and don't rely on being in the same room. +What we offer 28 days holiday allowance + wellbeing days + birthday off! Private medical insurance for you and your family. A supportive and collaborative team that's as passionate as you are. Home office setup support and fully remote and flexible working Great opportunities for growth and development Entertainment allowance Healthy living allowance + Ready to make an impact? If you’re passionate about building great products, solving complex problems, and advancing the future of cybersecurity, we’d love to meet you. + Diversity & Inclusion At Binalyze, we are committed to building a diverse and inclusive team. We welcome applicants from all backgrounds, perspectives, and experiences. Apply To This Job