
Security Detection Engineer/Lead

Brussels, Brussels

Senior Detection Engineer / Threat Detection Lead

Timing: 01/08/2026 to 28/02/2027

Location: Brussels

Regime: Fulltime, Hybrid, 2 days/week

Languages: Dutch, French, English

We are looking for an experienced security professional to lead our threat detection capabilities. This is a hands-on role with real ownership: you will design detections that actually catch attackers, drive our threat hunting programme, and be a go-to person for continuous security improvement. You will also have the opportunity to contribute to the broader security community and help build a team around you.

What You Will Do:

  • Design, build, and maintain detection rules across SIEM and XDR platforms, with full lifecycle ownership from use case to retirement.
  • Conduct gap analyses against threat actor TTPs (MITRE ATT&CK) to identify coverage blind spots.
  • Participate in and lead incident response efforts, including containment, investigation, and remediation.
  • Run purple team exercises and breach & attack simulations to validate detection coverage.
  • Build and maintain a Detection-as-Code framework with CI/CD pipelines and version control.
  • Develop and execute threat hunting hypotheses based on threat intelligence and new attack research.
  • Translate threat intelligence feeds and reports into actionable detections.
  • Support red team, TIBER, and DORA testing as the blue team counterpart.
  • Contribute to incident response plan development and tabletop exercises.

What We Are Looking For:

  • Several years of hands-on experience in detection engineering, SOC, or CSIRT roles.
  • Deep familiarity with SIEM platforms (Sentinel, Splunk, QRadar, or similar).
  • Experience building and running SOAR playbooks and automation pipelines.
  • Solid understanding of attacker TTPs and how to operationalize threat intelligence.
  • Experience with forensics, threat hunting, and incident handling at L2/L3 level.
  • Ability to lead a team or a functional working group.
  • Active participation in the security community is a strong differentiator.
  • Trilingual candidate (Dutch, English, French).

Nice to Have:

  • Familiarity with OT/ICS security.
  • Python scripting for automation and tooling.
  • Involvement in inter-CSIRT coordination or security coalitions.
  • Certifications: Microsoft Security, Threat Hunting, Threat intel, CISM, CISSP.

Why This Role:

This role is built for someone who has grown from SOC analyst to detection leader, who reads detection engineering reports for fun, and who thinks in terms of attacker behaviour rather than just alert rules.
