As a Detection Engineer, your primary mission is to research, design, and build advanced detection logic to protect the Airbus ecosystem. You will move beyond simple alert monitoring to proactively identify gaps in our visibility and create robust "Detection as Code" solutions. You will be part of the Detection & Response (D&R) team, ensuring our defenses evolve as fast as the threat landscape.

The Mission

Research & Develop: Proactively research threat actor TTPs (Tactics, Techniques, and Procedures) and translate them into actionable detection rules.
Detection as Code: Utilize CI/CD frameworks to deploy, test, and maintain detection logic.
Adversary Emulation: Mimic real-world attacks in a lab environment to validate that our sensors and alerts actually work.
Continuous Improvement: Map our detection coverage against the MITRE ATT&CK framework to identify and close blind spots.

Qualification & Experience

Education: Bachelor’s degree in Computer Science, Cybersecurity, or a related technical field.
Experience: 4 to 8+ years of experience specifically in Detection Engineering, Threat Hunting, or Advanced SOC Analysis (L3).
Core Technical Skills: * Deep knowledge of Windows, Unix/Linux, and Cloud (AWS/GCP) telemetry.
- Proficiency in Splunk SPL and experience with Splunk Enterprise Security.
- Familiarity with detection standards: Sigma, YARA, Snort, or STIX/TAXII.
- Strong understanding of the MITRE ATT&CK framework.
Preferred: Certifications like OSCP, GCIA, GDAT, or Splunk Power User/Admin.
Mindset: A "purple team" mentality—understanding how to attack in order to better defend.

Key Responsibilities

Threat Research: Analyze latest threats and APT behaviors to improve the security detection posture.
Rule Engineering: Build and maintain security detections using a Git-based CI/CD framework.
Validation: Perform adversary emulation to test the efficacy of security controls and detection logic.
Testing: Develop specific test cases and regression tests to ensure detection reliability and reduce false positives.
Collaboration: Work with the Use Case Factory (UCF) and Business stakeholders to refine detection requirements.
Documentation: Produce high-quality technical documentation for each detection, including the "logic" behind the alert and recommended response steps for SOC analysts.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Airbus India Private Limited

Employment Type:

Permanent

-------

Experience Level:

Professional

Job Family:

Cyber Security <JF-CG-ST>

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.

See more open positions at Airbus