threat detection engineer

what is CRED? CRED is an exclusive community for India’s most trustworthy and CREDitworthy individuals, where the members are rewarded for good financial behavior. CRED was born out of a need to bring back the focus on a long lost virtue, one of trust, the idea being to create a community centered around this virtue. a community that constantly strives to become more virtuous in this regard till they finally scale their behavior to create a utopia where being trustworthy is the norm and not the exception. to build a community like this requires a community of its own; a community special in its own way, working towards making this vision come true here’s a thought experiment: what do you get when you put a group of incredibly passionate and driven people and entrust them with the complete freedom to chase down their goals in a completely uninhibited manner? answer: you get something close to what we have at CRED; CRED just has it better" what you will do ?

work across a diverse information security domain, with a strong focus on threat detection, response, and security telemetry across infrastructure, cloud, and data

identify and investigate security threats (internal and external), partner with stakeholders on remediation, and design preventive controls for recurring or systemic issues

design, build, and continuously improve high-fidelity detection use cases across cloud, endpoint, identity, and network telemetry

formulate new detection ideas based on adversary research, emerging attack techniques, industry incidents, and threat intelligence

lead and participate in incident response, performing root-cause analysis and driving preventive improvements post-incident

develop and enhance the CRED’s detection, monitoring and response capabilities

automate incident response workflows using playbooks and orchestration to reduce manual effort

build in-house security analytics solutions using open source tools (log parsing, event correlation and threat detection)research/conduct threat hunting operations using known adversary tactics, techniques and procedures to detect advanced threats

assist with creating security awareness and maintaining prudent security engineering culture within an organization

enable compliance in teams and help them achieve some of the industry’s best practices (e.g. PCI DSS, ISO 27001)

you should apply if you have:

2 to 6 years of experience in information security with a strong focus on threat detection and response

hands-on experience detecting and responding to threats across cloud (aws preferred), endpoint (windows/linux/macOS), and network telemetry

exposure to EDR, IDS/IPS, and SIEM / centralized logging platforms (splunk, ELK, sentinel, or similar), including building high-fidelity detection pipelines

proficiency in at least one programming or scripting language (python, go, or bash)

solid understanding of MITRE ATT&CK, cyber kill chain, and diamond model

ability to design and tune detection rules using MITRE ATT&CK and threat intelligence with a focus on signal quality

experience with threat hunting, automation and enrichment, regex creation, and false-positive reduction

experience handling the complete incident response lifecycle, from detection through remediation and reporting

strong data-driven mindset with the ability to influence both technical and non-technical stakeholders

ability to act as a go-to person, communicating clearly with engineering, product, and business teams

proactive approach to staying current with security news, breach reports, tools, and attacker research

strong learning agility and passion for exploring diverse security domains, demonstrated via github, blogs, research, or talks

exposure to the AI-driven threat landscape, digital forensics, or malware analysis is a strong plus

note: This is an engineering-driven threat detection role. You will treat detection and response as software building and owning detection logic, enrichment pipelines, automation, and signal quality from end to end. This is not a traditional soc role focused only on alert monitoring.