Key Responsibilities

• Threat-Informed Detection Engineering
  • Convert Red Team and adversary simulation insights into formal detection enhancements
  • Map detections to MITRE ATT&CK, define telemetry requirements, and validate log sources & enrichments (ASIM-aligned where applicable)
  • Perform post-engagement gap analysis, prioritize fixes in a transparent detection backlog
  • Ensure each finding results in:
    • Improved/validated use case (KQL logic + entity mapping + suppression)
    • Updated triage guidance and analyst notes
    • Logic Apps playbook enhancement (if applicable)
    • Re-testing with Red Team
• Full Use Case Development & Improvement Lifecycle
  • Design: data requirements, ASIM mapping, entity model, severity, rationale, ATT&CK coverage
  • Build: KQL logic, enrichment (watchlists/UEBA/context), suppression thresholds, incident settings
  • Test: ...