Managed Security Services - Stockholm

Detection Engineer

Join our mission towards a safe digital future


Do you want to be at the forefront of protecting our society against cyber threats? We are looking for a Detection Engineer to team up with the most dedicated team of cyber specialists in our Managed Security Service domain.

About Truesec – Safeguarding Society in a Digital World

Since 2005, Truesec has been a native cybersecurity company, driven by one single purpose: creating safety and sustainability in a digital world by preventing cyber breaches and minimizing their impact.

Over the years, we’ve earned the trust of organizations worldwide and gained a strong reputation internationally. Our team consists of dedicated specialists covering the entire spectrum of cybersecurity – with capabilities in Predict, Prevent, Protect, Respond, and Recover.

Today, we have around 350 employees – and as cybercrime grows, we need to grow. To support that goal, we are now looking for a Detection Engineer who wants to make a difference in our Managed Security Service domain.

Managed Security Services

Truesec helps customers globally with Managed Detection & Response, including Attack Prediction Services and Vulnerability Management Services for both IT and OT environments. Our services are all delivered by skilled security analyst teams that conduct 24/7 attack monitoring, threat hunting, threat intelligence analysis, and threat remediation. Our team of experts works tirelessly to identify and prevent cyber breaches, and to help strengthen our customers’ proactive cybersecurity defenses. Our goal is to be an extension of our customers’ IT organizations, customizing a combination of capabilities and tooling tailored to prevent cyber attacks in the most efficient way.

The Role

This position is vital for the continued development of our detection capabilities. It enables the SOC to find more advanced threat actors by leveraging automation, enrichment and cross-platform correlation to create high-level alerting on top of various security platforms, and by automating the handling of low-level alerts so that analysts can focus on more critical incidents. You will be part of the Detection Engineering team, but will also spend much of your time in cross-domain teams, working closely with operations and developers to create solutions that fit a wide variety of use cases.

In this role you will:

  • Create automations within SOAR platforms to enrich alerts and entities from various security platforms.

  • Identify use cases where automation can handle alerts on its own by analyzing large amounts of alert metadata.

  • Enable and educate SOC analysts by sharing expertise in detection engineering, development and threat hunting.

  • Support and mentor SOC analysts during escalations, acting as second line of defense in complex investigations or during threat hunts.

  • Collaborate closely with SOC Management in order to reduce the workload on the analysts through automation.

  • Collaborate with development teams in order to create, integrate and maintain solutions through APIs.

  • Create visualizations of alerts and entities within the SOAR platform.

  • Create enrichment queries for a variety of security platforms, such as CrowdStrike, Microsoft Defender for Endpoint and SentinelOne.

  • Track and report on the effectiveness of automations.

This role is key to the SOC’s continued development, creating higher-fidelity alerts and reducing the amount of noise.

Your Potential Background

  • Passion for cybersecurity and leveraging technology to solve complex challenges and improve SOC efficiency, with 2–5 years of hands-on experience in cybersecurity, ideally within a SOC or similar environment.

  • Proven track record of developing and implementing automation or enrichment solutions in a SOC context, with experience in security automation, detection engineering, and security operations.

  • Hands-on experience with SIEM and SOAR platforms and familiarity with major security platforms such as CrowdStrike, Microsoft Defender for Endpoint, and SentinelOne.

  • Proficiency in scripting, automation, and query languages (e.g., Python, PowerShell, KQL, Elastic) to build, tune, and maintain detections, automations, and enrichment workflows.

  • Strong understanding of security alerting, enrichment, and detection workflows across EDR, SIEM, XDR, and NDR platforms, including analyzing large alert metadata datasets to improve detection fidelity and reduce noise.

  • Ability to work in agile, cross-domain teams with SOC analysts, operations, developers, and stakeholders, with strong communication, documentation, visualization, and reporting skills, and exposure to threat hunting, incident response, and security analysis.

Due to the sensitivity of our assignments, we require Swedish citizenship, citizenship in an EU country, or a Swedish work permit.

Join Our Mission Toward a Safe Digital Future

If you truly want to make a difference and make our world a little bit safer, this is the place for you. At Truesec, you’ll get to be at the forefront of fighting cybercrime instead of reading about it in the news. This is your chance to be part of an exciting journey in a leading cybersecurity company – and learn from some of the best in their field.

So, are you ready to team up with the most dedicated team of experts and be part of a meaningful mission? Then we are excited to get to know you!
