SOC Detention Lead Expert - Freelance

Contexte de la mission

SERVICE MAIN ACTIVITIES

Security Operations Center (SOC) delivers the following capabilities to the entities around the globe: Security Incident Detection, Threat Hunting, Security Incident Response and Threat Intelligence.

The Core Philosophy

We believe the best service to write a detection rule is the one who knows exactly how to bypass it.

We are looking for a Red Teamer who wants to pivot into our primary Detection Strategist. You will own the quality and direction of our detection logic: assess our telemetry and logging posture, identify visibility gaps, define detection requirements, and author high-fidelity detection content that holds up against real-world bypass techniques.

You will be the connective tissue between offensive tradecraft and SOC outcomes—translating attacker behavior into durable, actionable detections.

Objectifs et livrables

Primary Focus: Detection Engineering

Your main responsibility is to ensure that when an adversary moves, we see it. You will spend most of your time inside our SIEM, crafting high-fidelity alerts based on your overview of offensive TTPs.

Logic Creation: You will author complex KQL queries to detect sophisticated behaviors (e.g., Token manipulation, C2 jitter, etc.) rather than simple IOC matching.

Telemetry Analysis: You will deeply analyze raw logs from EDR, Identity Providers, and Cloud infrastructure to determine what data is missing and work to enable the right logging policies.

False Positive Reduction: You will apply your overview of 'normal' vs. 'malicious' administrative behavior to tune existing rules, ensuring the SOC is not flooded with noise.

Secondary Focus: Targeted Adversary Emulation

You will still get your hands on the keyboard to attack, but the goal is different. you are generating data.

Validation Attacks: You will execute specific, manual attack sequences to verify that a new detection rule triggers.

Gap Analysis: You will simulate specific techniques (mapped to MITRE ATT&CK) to prove where our blind spots are, then immediately switch gears to fix them.

Service Key Responsibilities:

Translate complex threat intelligence and known Red Team techniques into actionable detection logic (KQL).

Review and optimize the current library of detection rules for accuracy and coverage.

Collaborate with the Incident Response team to understand why previous attacks were missed and engineer rules to prevent recurrence.

PROFILE, EXPERTISE, & COMPETENCIES

Expertise:

Expertise in Offensive Security (Red Teaming/Pen Testing) ? 4 years

Expertise in Detection Engineering or Blue Team Operations ? 2 years

Solid overview of bypass concepts, including payload obfuscation, in-memory execution, and anti-analysis techniques, etc.

Strong expertise in Active Directory exploitation and stealth-focused lateral movement methodologies

Expertise with industry-standard offensive security tooling, including customization to reduce detection and signature overlap

Expertise in designing and operating Command & Control (C2) frameworks and infrastructure with strong OPSEC and traffic obfuscation practices

Expertise in developing scripts and lightweight tooling to support engagements using Python, PowerShell, or C/C++

Expertise in Sentinel and Kusto Query Language (KQL) 

Solid overview of detection engineering concepts and MITRE ATT&CK 

Strong problem-solving expertise to troubleshoot and resolve complex issues 

English context and environment – mandatory