Consultant - Detection Engineer

Job Title: Ops – Consultant (Detection Engineer)

Employment type: Contract until end of December 2026

Industry: Fintech

Working Location: 1, First Avenue, Petaling Jaya, 47800, Selangor

Working Day/Hours: Monday – Friday; 10am – 7pm.

Salary: Basic up to RM 14,000 (Based on experience + skills) + with statutory contribution + leave entitlement + medical insurance

Get to know our Team:

Our Detection Engineering function in Cyber Defense is responsible for detecting, managing, and responding to malicious activity across company's infrastructure — from cloud and SaaS to endpoints and identity platforms. The team owns the detection lifecycle end to end: research, design, development, deployment, monitoring, and continuous improvement of detections, following our detection-as-code framework and lifecycle G-DARF (Company Detection, Alerting and Response Framework).

This role sits within the Security Automation & Detection Engineering (CSADE) area, partnering closely with the Security operation team, platform teams, and other cyber functions.

Get to know the Role:

We are looking for a Security Engineer (Detection Engineering) – Contract to research and build new detection capabilities, with a primary focus on:

● Amazon EKS and containerized microservices

● AI / MCP and agentic systems security detections

● Autonomous vehicle / IOT platforms and supporting infrastructure

● Other emerging threats identified through incidents, threat intel, purple teaming, and ongoing findings.

Beyond creating new detections, this role will actively participate in the detection lifecycle — supporting investigations, improving signal quality, and driving timely fi ne-tuning and maintenance of existing rules.

This is a hands-on, engineering-heavy role that combines threat research, security operations experience, and software engineering to deliver high-fidelity, well-documented detections for SIEM, EDR, SOAR, and our security data lake platforms.

The day-to-day activities:

● Research & design new detections

○ Research attacker TTPs relevant to focus areas and translate them into concrete detection opportunities.

○ Perform focused analysis of log sources (e.g., Kubernetes/EKS, CloudTrail, GuardDuty, AV telemetry, AI/agent frameworks) to understand visibility, constraints, and potential blind spots.

○ Collaborate with different teams (e.g. threat intel, red/purple team, and incident responders) to turn incident learnings and threat intel into proactive detections rather than one-off fixes.

● Build, test, and deploy detection logic

○ Implement high-fidelity detection rules and analytics across platforms such as SIEM, EDR, and custom detection frameworks, following detection-as-code practices (version control, code review, automated tests, CI/CD).

○ Work with large-scale log data in the Security Data Lake to prototype, validate, and iterate on detection logic using SQL/KQL.

○ Ensure detection logic is operationally sound: performant at scale, resilient to data quality issues, and suitable for near real-time and batch use cases.

● Own the detection lifecycle & tuning

○ Participate in day-to-day detection lifecycle activities: backlog grooming, prioritization, development, staging, deployment, monitoring, and iterative tuning.

○ Review alert quality, false positive patterns, and coverage gaps; drive targeted fi ne-tuning and suppression strategies to reduce alert fatigue while preserving coverage.

○ Support the creation and tracking of detection metrics (e.g., time to deploy, false positive rate, coverage, detection MTTR inputs) and use them to guide continuous improvement.

● Incident & response support ○ Work closely with CSIRT to triage and investigate alerts if required, validate detection hypotheses, and deliver emergency detections when active threats are discovered.

○ Provide clear guidance on expected behavior, triage steps, and response actions so responders can act confidently and consistently.

○ Participate (where required) in ad-hoc or rostered on-call / incident support to address urgent security matters.

● Documentation, communication & collaboration

○ Produce high-quality detection documentation (goal, context, logic, false positives, blind spots, response playbook) aligned to our detection framework standards.

○ Present new detections and significant alerts to Cyber Defense; explain the why, how, and operational impact.

○ Proactively reach out to different teams to improve log coverage, validate assumptions, and drive adoption of new detection and response workflows.

The must-haves:

● A degree in Computer Science, Software Engineering, Cyber Security or related fields

● Hands-on security response experience (e.g., SOC, DFIR, security engineering) with a track record of investigating real incidents, writing timelines, and driving remediation.

● Experience with at least one cloud platform (Azure, AWS, GCP)

● Direct experience working with SIEM, EDR and/or SOAR platforms in an operational environment (e.g., building rules, dashboards, playbooks, or integrations).

● Strong coding skills in at least one general-purpose language (ideally Python) for building detection logic, data processing scripts, and automation/integration workflows.

● Comfortable writing detection and investigation queries in SQL, including working with large security datasets in a data-lake or big-data environment.

● Demonstrated experience building and fi ne-tuning detection rules across multiple log sources (cloud, endpoint, network, identity, SaaS) to reduce noise while maintaining coverage.

● Experience in using AI

● Ability and willingness to proactively communicate — reaching out to stakeholders, clearly presenting alerts and new detections, and driving alignment without waiting for direction.