Cyber Detection Engineer
“I am hugely excited about my future and the future of CyberOne. I have enjoyed my time here immensely and have learnt a huge amount in a short space of time; year for year, I've learnt more here than I have at Microsoft and PwC.” - CyberOne Consultant
About CyberOne:
CyberOne is a pure-play Microsoft security partner dedicated to helping enterprises realise the full value of the Microsoft Security portfolio—across Defender XDR, Sentinel, Entra, Purview, Intune, Copilot for Security and more. We combine deep technical expertise with outcome-driven services that accelerate secure cloud adoption, modernise threat protection and simplify compliance.
Job Title: Cyber Detection Engineer
Location: Remote
Employment Type: Full-time
The Role:
CyberOne helps organisations strengthen their cyber resilience through practical, expert-led security services. We work closely with clients to improve their ability to detect, investigate and respond to threats across modern cloud, hybrid and enterprise environments.
We are looking for a curious and motivated Detection Engineer with a focus on Microsoft Sentinel SIEM to join our growing security engineering team. This is a hands-on role for someone who enjoys solving problems, working with data, and building high-quality detections that help our solutions & clients identify real threats faster.
What you’ll be doing:
As a Detection Engineer, you will be focused on improving detection capability, writing and tuning analytics, working with Microsoft security tooling, and helping shape how CyberOne delivers effective, threat-led monitoring for our clients across Microsoft Sentinel and related Microsoft security products.
You will work closely with security analysts, consultants, engineers and clients to turn threat intelligence, attacker behaviours and operational lessons into actionable detection content.
Your responsibilities will include:
Developing, tuning and maintaining threat-led detections in Microsoft Sentinel using KQL.
Building analytics rules, hunting queries, workbooks, automation logic and alert enrichment to improve detection and response outcomes.
Working with log sources across Microsoft Defender, Azure, Microsoft 365, identity platforms, firewalls, SaaS tools and other client environments.
Mapping detections to attacker behaviours, TTPs and frameworks such as MITRE ATT&CK.
Supporting the onboarding, validation and optimisation of data connectors and log sources.
Reducing false positives through structured tuning, baselining and feedback from SOC analysts.
Helping develop reusable detection content, playbooks and best-practice templates for CyberOne clients.
Validating new or updated detection content from the Sentinel Content hub before it is deployed to client environments.
Collaborating with SOC analysts and incident responders to improve triage quality and investigation workflows.
Producing clear documentation for detections, use cases, data requirements, assumptions and response guidance.
Supporting client workshops and technical discussions around detection coverage, Sentinel maturity and monitoring and detection strategy.
Keeping up to date with emerging threats, Microsoft security capabilities and detection engineering techniques.
You will have the freedom to suggest improvements, champion developments, and enhance how CyberOne identifies threats for all our clients.
What we’re looking for:
We are open to candidates from different backgrounds. You may already be working in detection engineering, SOC engineering, security operations, cloud security, incident response or Microsoft security consulting. You might also be an analyst who enjoys KQL, automation and improving how detections work. You should have a solid understanding of cyber security fundamentals, together with a strong interest in, and understanding of, using data to identify suspicious behavioural patterns.
Ideally, you will be able to demonstrate experience with some of the following:
Hands-on experience with Microsoft Sentinel or another SIEM platform.
Experience writing KQL queries for detection, investigation or reporting.
Understanding of Microsoft Defender products, such as Defender for Endpoint, Defender for Office 365, Defender for Cloud or Defender for Identity.
Familiarity with Azure, Entra ID, Microsoft 365 and common cloud security log sources.
Knowledge of security monitoring concepts, alert logic, false positive tuning and detection lifecycle management.
Interest in attacker behaviours, persistence techniques, lateral movement, credential abuse and common cloud attack paths.
Awareness of frameworks such as MITRE ATT&CK, Cyber Kill Chain or similar.
Ability to document technical work clearly and explain detection logic to both technical and non-technical audiences.
Basic scripting or automation skills, for example PowerShell, Python, Logic Apps or similar.
A collaborative mindset and willingness to work with analysts, engineers, consultants and clients.
Nice to have:
The following would be useful, but they are not essential:
Microsoft certifications such as SC-200, AZ-500, SC-100 or SC-900.
Experience with Sentinel-as-code: CI/CD pipelines, ARM, Bicep, Terraform or Git-based content management.
Experience building Sentinel workbooks, playbooks or automation rules.
Exposure to SOAR processes and incident response automation.
Experience with threat hunting or purple-team-style detection validation.
Familiarity with Sigma, YARA, structured detection content or detection-as-code approaches.
Experience working in an MSSP, consultancy or client-facing security environment.
Knowledge of statistics, data science, AI or machine learning as applied to cyber security.
The kind of person who will succeed:
You will do well in this role if you are naturally curious, comfortable working through messy data, and motivated by improving how security teams detect real threats. You should enjoy asking “what would an attacker do?” and turning that thinking into reliable, practical detection content.
We value people who are proactive, thoughtful and willing to learn. You do not need to know everything on day one, but you should be comfortable researching unfamiliar technologies, testing ideas and improving your work based on feedback.
Why Join Us?
Work with cutting-edge Azure technologies and drive cloud transformation projects.
Be part of a dynamic team that values innovation, collaboration, and technical excellence.
Competitive compensation, career growth opportunities, and access to continuous learning and certifications.
Opportunity to work on impactful cloud initiatives across various industries.
Why CyberOne:
Elite positioning: Microsoft Security Partner, CREST & NCSC-certified
Access to cutting-edge MXDR platform & proprietary SecOps tools
No glass ceilings: rapid growth, fast-track leadership opportunities
Culture-first: bold values, open feedback, and relentless innovation
What’s In It for You:
Flexible working hours & remote-first culture
Birthday off, long-service awards
Bi-annual performance awards and team off-sites
Structured training, technical exposure, and career pathing
💡 Let’s redefine what it means to be secure. Together.
#CyberDefenders
Locations: Philippines
Remote status: Fully Remote