N-iX

Detection Engineer (with Python knowledge)

Ukraine · Full-time · Not Applicable



Our client, Recorded Future, leverages massive amounts of data to construct the valuable insights that keep our customers safe. As cyber threats evolve, so must our detection capabilities. We continuously create and refine detection rules to stay ahead of emerging threats, and these detections must be tailored to the unique environments and needs of our customers for maximum impact. We are seeking a Detection QA Engineer to lead efforts in automating, scaling, and assuring the quality of our detection content. Your work will directly support the delivery of high-fidelity, SIEM-ready detection rules, ensuring our customers receive timely, relevant, and actionable protection through our product platform.

Responsibilities:

  • Lead the development and maintenance of CI/CD pipelines that automate the translation of Sigma rules into SIEM-native detection formats such as KQL, SPL, and ECS-based syntaxes.
  • Design and implement robust validation, linting, and QA workflows to ensure the syntactic correctness, logic integrity, and coverage quality of detection rules before they are delivered to customer systems.
  • Collaborate closely with detection content authors, threat researchers, and product engineering to align rule logic with attacker behaviors and customer environments.
  • Contribute to a centralized detection-as-code platform that manages lifecycle, version control, testing, and release of detections to downstream products.
  • Investigate new approaches to detection normalization, enrichment, and telemetry alignment that improve detection effectiveness and cross-SIEM portability.
  • Provide mentorship on detection rule structure, QA practices, and platform compatibility.

Requirements:

  • 2+ years of experience in detection engineering, security operations, or threat detection development, ideally within product or platform teams.
  • Hands-on experience building or contributing to CI/CD pipelines (e.g., GitHub Actions, GitLab CI, CircleCI) that include automated testing, validation, and deployment.
  • Strong understanding of Sigma rule format and its translation mechanisms (e.g., sigmac) into target SIEM languages such as Kusto Query Language (KQL), Splunk Processing Language (SPL), and Elastic DSL.
  • Proficiency in Python or Go for automation and tool integration; experience with YAML, JSON schema, and detection-as-code practices.
  • Familiarity with cloud-native detection environments (e.g., Azure Sentinel, Chronicle, Elastic Security).
  • English - upper-intermediate, Ukrainian - advanced or higher

Would be a plus:

  • Experience with Infrastructure-as-Code (e.g., Terraform), container orchestration (Docker/Kubernetes), or QA frameworks for content validation.

We offer*:

  • Flexible working format - remote, office-based or flexible
  • A competitive salary and good compensation package
  • Personalized career growth
  • Professional development tools (mentorship program, tech talks and trainings, centers of excellence, and more)
  • Active tech communities with regular knowledge sharing
  • Education reimbursement
  • Memorable anniversary presents
  • Corporate events and team buildings
  • Other location-specific benefits

*not applicable for freelancers

Key Skills

Ranked by relevance

siem, cicd, gitlab ci, terraform, circleci, python, gitlab, splunk, cloud, ecs

Posted: Aug 08, 2025
Type: Full-time
Level: Not Applicable
Location: Lviv
Company: N-iX

Industries

Software Development

Categories

Engineering
