Managed Security Services - Stockholm

Detection Engineer

Join our mission towards a safe digital future


Do you want to be at the forefront of protecting our society against cyber threats? We are looking for a Detection Engineer to team up with the most dedicated team of cyber specialists in our Managed Security Service domain.

About Truesec – Safeguarding Society in a Digital World

Since 2005, Truesec has been a native cybersecurity company, driven by one single purpose: Creating safety and sustainability in a digital world by preventing cyber breach and minimizing impact.

Over the years, we’ve earned the trust of organizations worldwide and gained a strong reputation internationally. Our team consists of dedicated specialists covering the entire spectrum of cybersecurity – with capabilities in Predict, Prevent, Protect, Respond, and Recover.

Today, we have around 350 employees – and as cybercrime grows, we need to grow. To support that goal, we are now looking for a Detection Engineer who wants to make a difference in our Managed Security Service domain.

Managed Security Services

Truesec helps customers globally with Managed Detection & Response, including Attack Prediction Services and Vulnerability Management Services for both IT and OT environments. Our services are all delivered by skilled security analysis teams that conduct 24/7 attack monitoring, threat hunting, threat intelligence analysis, and threat remediation. Our team of experts works tirelessly to identify and prevent cyber breaches, and to help increase our customers’ proactive cybersecurity defenses. Our goal is to be an extension of our customers’ IT organizations, customizing a combination of capabilities and tooling, tailored to prevent cyber attacks in the most efficient way.

The Role

This position is a key role in the SOC, enabling analysts to focus on critical alerts and preventing breaches by creating, tuning and implementing robust, high-fidelity detections.
You will be part of Detection Engineering, a team consisting of several disciplines such as Tuning, Threat Hunting and Purple Team, and you will also work closely with other departments such as Threat Intelligence, Incident Response and the Customer Team.

In this role you will:

  • Evaluate tuning requests from analysts and customers based on operational impact and security best practices.

  • Continuously monitor and assess detections for improvement, informed by threat intelligence and incident response findings.

  • Enable and educate SOC analysts by sharing expertise in threat hunting, tuning, and detection engineering.

  • Support and mentor SOC analysts during escalations, acting as second line of defense in complex investigations or during threat hunts.

  • Collaborate closely with the Customer Team to communicate requests and changes to customers.

  • Document tuning actions and detection changes, contributing to incident and governance reporting.

  • Research current threats and evaluate existing detection rule scope, developing detections to cover possible gaps.

This role is vital to ensuring our SOC operations run smoothly and efficiently, with alerts leveraged to their fullest potential, in alignment with Truesec’s commitment to proactive, intelligence-driven security operations.

Your Potential Background

We are looking for someone with a passion for cybersecurity, attention to detail, and the ability to work both autonomously and as part of a team.
You thrive on deep investigations and rabbit holes, never giving up until you fully understand what caused a specific detection to trigger.
You have 2–5 years of hands-on experience in cybersecurity, ideally within a SOC and with a focus on threat hunting.

Required Skills:

  • Ability to communicate complex technical concepts to both technical and non-technical audiences.

  • Familiarity with EDR, SIEM, NDR or XDR platforms, particularly the Defender suite, Crowdstrike, Palo Alto Cortex and SentinelOne.

  • Experience with structured threat hunting approaches and hypothesis-driven investigations, and familiarity with frameworks like MITRE ATT&CK.

  • Proficiency with query languages such as KQL, EQL or similar to develop detection logic and analyze large datasets.

  • Experience supporting or participating in investigations and remediation activities.

  • Demonstrated commitment to staying current with emerging threats, detection techniques, and new security technologies.

  • Ability to work closely with SOC analysts, TAMs and other stakeholders, supporting a knowledge-sharing culture.

  • Ability to clearly document detection logic, tuning decisions, and investigation findings for transparency and ongoing improvement.

  • Ability to prioritize and balance between tuning, creating or improving detections based on threat likelihood, business impact, and customer requirements.

  • Self-motivated with an ability to work independently and take ownership of responsibilities.

  • A data-driven approach to tuning detections and implementing changes precisely, so as to avoid introducing gaps or excessive noise.

Bonus Skills:

  • Proficiency with scripting or programming languages (e.g. PowerShell, Python) to automate repetitive tasks.

  • Experience in other cybersecurity disciplines such as Offensive Security, Incident Response or similar.

  • Experience with SOAR or similar automation and orchestration platforms.

Due to the sensitivity of our assignments, we require Swedish citizenship, citizenship in an EU country, or a Swedish work permit.

Join Our Mission Toward a Safe Digital Future

If you truly want to make a difference and make our world a little bit safer, this is the place for you. At Truesec, you’ll get to be at the forefront of fighting cybercrime instead of reading about it in the news. This is your chance to be part of an exciting journey in a leading cybersecurity company – and learn from some of the best in their field.

So, are you ready to team up with the most dedicated team of experts and be part of a meaningful mission? Then we are excited to get to know you!
