# Threat Detection Engineer

> COGNNA · Riyadh, Saudi Arabia · Full-time · Posted 2026-06-21

**Workplace:** On-site

**Department:** Threat Detection

## Description

As **a Threat Detection Engineer** at COGNNA, you’ll design high-impact detection strategies, build powerful automation, and elevate SOC operations to a world-class standard. You’ll also mentor rising cyber talent and collaborate with teams across threat intel, incident response, and platform engineering.

### 🔐 Advanced Threat Detection Engineering

-   Build high-fidelity correlation rules and behavioral detections within the COGNNA security platforms.
-   Translate adversary TTPs (MITRE ATT&CK), threat intel, and vulnerability data into actionable logic.
-   Identify detection gaps and introduce new data sources to cover evolving threat landscapes.
-   Automate detection testing and maintain detection quality over time.

### ⚙️ Platform Engineering & Optimization

-   Lead architecture and optimization of XDR, SIEM, and SOC tech stacks for scale and resilience.
-   Streamline log ingestion pipelines — from parsing to normalization and enrichment.
-   Build scripts and automations (Python, PowerShell) to enhance SOC efficiency.
-   Integrate tools across the SOC stack to enable seamless workflows and response.

### 🕵️‍♂️ Threat Hunting & Incident Response

-   Collaborate with intel and IR teams to enrich detection use cases and support threat hunts.
-   Provide Tier-3+ support for incident investigations and post-mortem analysis.

### 👥 Mentorship & SOC Maturity

-   Improve SOC playbooks, SOPs, and detection engineering workflows.
-   Stay updated on global and regional threats — and evolve detection accordingly.
-   Ensure compliance alignment (e.g., NCA ECC, SAMA CSF).

## Requirements

### 🎓 Education

-   Bachelor’s in Computer Science, Cybersecurity, or related field.

### 💼 Experience

-   Hands-on expertise in developing and maintaining complex detection use cases.
-   Strong understanding of attacker behavior, IR fundamentals, and digital forensics.

### 🔧 Technical Skills (You’re a Power User!)

-   SIEM: Expert in SIEM queries (SPL, KQL, Lucene), rule tuning, UEBA, and scaling.
-   EDR: Deep knowledge of EDR tools and endpoint detection tactics.
-   Network Security: Pro at packet analysis (Wireshark), IDS/IPS, and NetFlow.
-   Scripting: Advanced skills in Python and/or PowerShell for automation and integration.
-   OS Internals: Mastery of Windows/Linux/macOS logging, artifacts, and forensic value.
-   Threat Intelligence: Skilled in turning threat intel into real-time detection logic.
-   Cloud Security: Strong command of monitoring IaaS/PaaS/SaaS environments.

### 🏅 Certifications (Highly Preferred)

-   🎓 SANS GIAC (GDAT, GMON, GCIA, GCTI, GCIH)
-   🐉 Offsec (OSDA)
-   🏫 INE (eCTHP, eCIR)
-   🧩 (ISC)² CISSP, CSSLP

### 🤝 Soft Skills

-   Exceptional analytical thinking and creative problem-solving.
-   Excellent communication (English & Arabic), including technical reporting.
-   Strong mentorship abilities and a collaborative spirit.
-   Self-motivated, focused, and passionate about cyber defense.
-   Capable of juggling priorities under high-pressure situations.

## Benefits

🚀 **Impact that Matters** – Build products that shape the future of cybersecurity and protect organizations globally.

🏢 **On-Site Collaboration** – Be at the heart of innovation in our Riyadh office, working side by side with passionate experts.

💡 **Continuous Growth** – Access to certifications, trainings, and opportunities to sharpen your expertise.

📈 **Ownership Mindset** – Benefit from our **ESOP program** and grow with COGNNA’s success.

🤝 **Culture of Trust** – We empower talent, encourage ownership, and celebrate real outcomes.

## Apply

[Apply at COGNNA](https://apply.workable.com/cognna/j/D986F95739/apply)

