
PayPal Threat Detection & Response Engineer 
France, Occitania, Toulouse 
637191442

29.05.2025

Your Day-to-Day
  • Develop and fine-tune threat detection logic within SIEM platforms by correlating telemetry from diverse log sources to identify suspicious activity.
  • Design, build, and maintain SOAR playbooks and automation workflows to streamline response and scale incident handling.
  • Collaborate with product and infrastructure teams to understand application architecture and operational environments, enabling the development of context-aware detection rules.
  • Conduct regular threat hunts and leverage intelligence to uncover anomalous behavior, misconfigurations, or emerging risks.
  • Integrate and correlate internal and external threat intelligence to support broader detection strategies and response readiness.
  • Create and maintain scalable frameworks and documentation to enable continuous contribution and improvement across the detection program.
  • Engage with development and platform teams to provide proactive guidance on securing new features and infrastructure.
  • Report on detection trends, effectiveness metrics, and key findings, translating technical insights into actionable recommendations for stakeholders.
Core Responsibilities
  • Translate threat actor TTPs (e.g., MITRE ATT&CK) into reliable, high-fidelity detections.
  • Tune and maintain alerting rules across SIEM, EDR, and cloud-native tools to minimize false positives.
  • Identify visibility gaps and partner with platform teams to improve data collection and normalization.
  • Participate in validation exercises, including red and purple team simulations, to assess and improve detection coverage.
  • Support the full lifecycle of detection development — from idea to deployment, tuning, and documentation.
What You Bring
  • 5+ years of experience in cybersecurity, with a focus on detection engineering, threat hunting, or security automation.
  • Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) and EDR solutions (e.g., CrowdStrike, SentinelOne).
  • Proficiency in SIEM query languages like SPL or KQL.
  • Strong understanding of attacker behavior, threat modeling, and adversary simulation techniques.
  • Familiarity with scripting (Python, PowerShell, etc.) and automation in the context of security operations.
  • Excellent collaboration and communication skills with the ability to convey complex security concepts to diverse audiences.

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The US national annual pay range for this role is $143,500 to $212,850


Our Benefits:

Any general requests for consideration of your skills, please