ManpowerGroup

Security Engineer (Detection Engineering)

Job Description

We are looking for a Security Engineer (Detection Engineering) – Contract to research and build new detection capabilities, with a primary focus on:

  • Amazon EKS and containerized microservices
  • AI / MCP and agentic systems security detections
  • Autonomous vehicle / IoT platforms and supporting infrastructure
  • Other emerging threats identified through incidents, threat intel, purple teaming, and ongoing findings

Beyond creating new detections, this role will actively participate in the detection lifecycle — supporting investigations, improving signal quality, and driving timely fine-tuning and maintenance of existing rules. This is a hands-on, engineering-heavy role that combines threat research, security operations experience, and software engineering to deliver high‑fidelity, well-documented detections for SIEM, EDR, SOAR, and our security data lake platforms.

About the Role

The day-to-day activities:

  • Research & design new detections
      • Research attacker TTPs relevant to the focus areas and translate them into concrete detection opportunities.
      • Perform focused analysis of log sources (e.g., Kubernetes/EKS, CloudTrail, GuardDuty, AV telemetry, AI/agent frameworks) to understand visibility, constraints, and potential blind spots.
      • Collaborate with other teams (e.g., threat intel, red/purple team, and incident responders) to turn incident learnings and threat intel into proactive detections rather than one-off fixes.

  • Build, test, and deploy detection logic
      • Implement high‑fidelity detection rules and analytics across platforms such as SIEM, EDR, and custom detection frameworks, following detection‑as‑code practices (version control, code review, automated tests, CI/CD).
      • Work with large‑scale log data in the Security Data Lake to prototype, validate, and iterate on detection logic using SQL/KQL.
      • Ensure detection logic is operationally sound: performant at scale, resilient to data quality issues, and suitable for both near real‑time and batch use cases.

  • Own the detection lifecycle & tuning
      • Participate in day‑to‑day detection lifecycle activities: backlog grooming, prioritisation, development, staging, deployment, monitoring, and iterative tuning.
      • Review alert quality, false positive patterns, and coverage gaps; drive targeted fine‑tuning and suppression strategies that reduce alert fatigue while preserving coverage.
      • Support the creation and tracking of detection metrics (e.g., time to deploy, false positive rate, coverage, detection MTTR inputs) and use them to guide continuous improvement.

  • Incident & response support
      • Work closely with CSIRT to triage and investigate alerts where required, validate detection hypotheses, and deliver emergency detections when active threats are discovered.
      • Provide clear guidance on expected behaviour, triage steps, and response actions so responders can act confidently and consistently.
      • Participate (where required) in ad‑hoc or rostered on‑call / incident support to address urgent security matters.

  • Documentation, communication & collaboration
      • Produce high‑quality detection documentation (goal, context, logic, false positives, blind spots, response playbook) aligned to our detection framework standards.
      • Present new detections and significant alerts to Cyber Defence, explaining the why, the how, and the operational impact.
      • Proactively reach out to other teams to improve log coverage, validate assumptions, and drive adoption of new detection and response workflows.

Qualifications

  • A degree in Computer Science, Software Engineering, Cyber Security, or a related field.

Required Skills

  • Hands-on security response experience (e.g., SOC, DFIR, security engineering) with a track record of investigating real incidents, writing timelines, and driving remediation.
  • Experience with at least one cloud platform (Azure, AWS, GCP).
  • Direct experience working with SIEM, EDR and/or SOAR platforms in an operational environment (e.g., building rules, dashboards, playbooks, or integrations).
  • Strong coding skills in at least one general‑purpose language (ideally Python) for building detection logic, data processing scripts, and automation/integration workflows.
  • Comfortable writing detection and investigation queries in SQL, including working with large security datasets in a data‑lake or big‑data environment.
  • Demonstrated experience building and fine‑tuning detection rules across multiple log sources (cloud, endpoint, network, identity, SaaS) to reduce noise while maintaining coverage.
  • Experience using AI.
  • Ability and willingness to communicate proactively — reaching out to stakeholders, clearly presenting alerts and new detections, and driving alignment without waiting for direction.

Job ID: 147934951