Senior DFIR & Detection Engineer - Sekoia.io

Key Responsibilities

• Own the DFIR methodology for the AI‑driven SOC automation module, translating investigative tradecraft into actionable detection logic.
• Design, implement, and maintain detection agents and playbooks that integrate with SIEM and endpoint platforms.
• Develop and refine YARA rules, forensic parsers, and automation scripts using Python for Windows and Linux environments.
• Collaborate with the Threat Detection and Response (TDR) team to conduct deep threat research and validate detection hypotheses.
• Provide technical guidance and mentorship to junior engineers on forensic analysis, incident response, and automation best practices.

Requirements

• 5+ years of hands‑on experience in digital forensics, incident response, and detection engineering.
• Strong programming skills in Python and familiarity with Linux/Windows forensic tooling.
• Proven experience building detection logic, YARA rules, and automation for SIEM or SOC platforms.
• Solid understanding of machine‑learning concepts applied to threat detection and automation.
• Excellent analytical, problem‑solving, and communication skills, with a passion for continuous threat research.