Expoint – all jobs in one place

SAP Cyber Detection Engineer Expert 
Romania 
284159236

Yesterday

Role and Responsibilities

  • Develop and implement strategies to detect anomalous or malicious behavior with a focus on endpoint detection and response (EDR) capabilities.
  • Create Security Information and Event Management (SIEM) EDR-based detection logic and craft custom endpoint detection and response (EDR) detection code for use in CrowdStrike Falcon or other EDR platforms.
  • Analyze security alerting, with a focus on EDR alerting, to ensure proper tuning of detective content and to identify opportunities to improve detection.
  • Utilize threat intelligence to ensure detection strategies are aligned to the most concerning and probable threat vectors and adversary tactics.
  • Maintain documentation related to processes, detection strategies, and detection code. Participate in governance, risk and compliance activities related to detection.
  • Mentor team members on best practices for EDR detection strategies and detection code development.
  • Collaborate with lines of business and respective security teams to best integrate EDR tools and strategies in alignment with detection strategies and best practices.

Bachelor’s degree or foreign equivalent in Computer Sciences, IT, Cyber Security, Software Development, Engineering, or a related field of study and seven (7) years of progressive post-baccalaureate experience in the job offered or related occupation.

Alternatively, a Master’s degree or foreign equivalent in Computer Sciences, IT, Cyber Security, Software Development, Engineering, or a related field of study and five (5) years of experience in the job offered or related occupation.

Skills and Competencies

  • Maintaining detection strategies for EDR, specifically CrowdStrike Falcon
  • Developing custom detection logic in SIEM and native detection platforms, with a focus on indicators of attack (IOA) in CrowdStrike Falcon EDR
  • Programming, to include use of Python and PowerShell
  • Conducting incident response, penetration testing, cyber threat hunt, or cyber intelligence
  • Knowledge of threat intelligence and detection frameworks such as MITRE ATT&CK
  • Experience conducting threat simulation/emulation in a lab environment
  • Self-motivated and capable of working independently, balancing multiple priorities to meet deadlines in a fast-paced environment.
  • Exceptional communication skills, both written and verbal, with the ability to articulate technical concepts to non-technical audiences

Preferred Qualifications

  • Relevant certifications such as CrowdStrike Certified Falcon Administrator (CCFA), CrowdStrike Certified Falcon Responder (CCFR), or similar certifications.
  • Experience integrating CrowdStrike with other security tools and platforms for comprehensive threat management.
  • Experience with detection-as-code platforms/initiatives and development of detection pipelines


Successful candidates might be required to undergo a background verification with an external vendor.

AI Usage in the Recruitment Process

For information on the responsible use of AI in our recruitment process, please refer to our

Please note that any violation of these guidelines may result in disqualification from the hiring process.