Use Case Factory Specialist (Detection Engineer)
Company: Philips
Location: Netherlands
Job type: Full time
Posted: 2 days ago
Job description
The detection engineer is a member of the Cyber Defense Capabilities team and is responsible for designing, implementing, and continuously validating detection capabilities for CSIRT. This includes building high-fidelity detection logic, regression testing to ensure detections remain effective over time, and executing breach and attack simulations (BAS) to align detection coverage with evolving adversary techniques and threat intelligence.
The detection engineer works closely with incident responders, threat hunters, and threat intelligence analysts to drive continuous improvement and reduce mean time to detect (MTTD).
Your role:
- Develop, test, and maintain detection rules, signatures, and correlation logic in SIEM and related platforms.
- Conduct regression testing of detection rules to ensure accuracy, resilience, and functionality following system updates or logic changes.
- Perform breach and attack simulations (BAS) to validate detection use cases, tied directly to threat intelligence and adversary TTPs.
- Map detection logic to adversary techniques using frameworks such as MITRE ATT&CK and ensure coverage of priority threat scenarios.
- Integrate threat intelligence feeds, IOCs, and behavioral patterns into detection workflows.
- Regularly tune and refine detection logic to reduce false positives and optimize alert fidelity.
- Partner with incident response and threat hunting teams to validate detections, perform purple team exercises, and address detection gaps.
- Automate enrichment, correlation, and triage processes through SOAR playbooks and custom scripts.
- Implement lessons learned from incidents and simulations into new or improved detections.
- Maintain documentation, detection repositories, and test playbooks for operational continuity.
- Contribute to SOC metrics, including detection coverage, false positive ratios, regression test outcomes, and BAS validation reports.
You're the right fit if:
- Bachelor’s degree in Cybersecurity, Computer Science, or related field.
- Minimum 2 years of experience in areas such as Security Architecture, Network Security, Cybersecurity Technology, Information Security or equivalent.
- Strong experience with SIEM platforms (e.g., Splunk, Sentinel).
- Proficiency in detection engineering, log parsing, and data normalization.
- Working knowledge of artificial intelligence concepts and practical experience applying AI or machine learning techniques within cybersecurity functions, such as threat analysis, automation, or analytics.
- Familiarity with adversary simulation tools (e.g., AttackIQ, Caldera, commercial BAS platforms).
- Knowledge of threat intelligence integration and frameworks (MITRE ATT&CK).
- Scripting ability in Python, PowerShell, or similar languages.
- Experience with cloud environments (AWS, Azure, GCP, Aliyun) and associated security telemetry. Strong understanding of network protocols, endpoint security, and common attack techniques.
- Hands-on experience with SOAR platforms and automation development.
- Prior exposure to purple team exercises and continuous validation methodologies.
- Familiarity with detection engineering in containerized or modern application environments (Kubernetes, serverless).
How we work together
We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company’s facilities. Field roles are most effectively done outside of the company’s main facilities, generally at the customers’ or suppliers’ locations.
This role is an office role.
About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
If you're interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our commitment to diversity and inclusion here.