Python Engineer (Cybersecurity background)

Our client, a Cybersecurity Company, leverages massive amounts of data to construct the valuable insights that keep our customers safe. As cyber threats evolve, so must our detection capabilities. We continuously create and refine detection rules to stay ahead of emerging threats, and these detections must be tailored to the unique environments and needs of our customers for maximum impact. We are seeking a Detection Engineer to lead efforts in automating, scaling, and assuring the quality of our detection content. Your work will directly support the delivery of high-fidelity, SIEM-ready detection rules, ensuring our customers receive timely, relevant, and actionable protection through our product platform.

Responsibilities:

  • Lead the development and maintenance of CI/CD pipelines that automate the translation of Sigma rules into SIEM-native detection formats such as KQL, SPL, and ECS-based syntaxes.
  • Design and implement robust validation, linting, and QA workflows to ensure the syntactic correctness, logic integrity, and coverage quality of detection rules before they are delivered to customer systems.
  • Collaborate closely with detection content authors, threat researchers, and product engineering to align rule logic with attacker behaviors and customer environments.
  • Contribute to a centralized detection-as-code platform that manages lifecycle, version control, testing, and release of detections to downstream products.
  • Investigate new approaches to detection normalization, enrichment, and telemetry alignment that improve detection effectiveness and cross-SIEM portability.
  • Provide mentorship on detection rule structure, QA practices, and platform compatibility.

Requirements:

  • 2+ years of experience in detection engineering, security operations, or threat detection development, ideally within product or platform teams.
  • Hands-on experience building or contributing to CI/CD pipelines (e.g., GitHub Actions, GitLab CI, CircleCI) that include automated testing, validation, and deployment.
  • Strong understanding of Sigma rule format and its translation mechanisms (e.g., sigmac) into target SIEM languages such as Kusto Query Language (KQL), Splunk Processing Language (SPL), and Elastic DSL.
  • Proficiency in Python or Go for automation and tool integration; experience with YAML, JSON schema, and detection-as-code practices.
  • Familiarity with cloud-native detection environments (e.g., Azure Sentinel, Chronicle, Elastic Security).
  • English: upper-intermediate; Ukrainian: advanced or higher

Would be a plus:

  • Experience with Infrastructure-as-Code (e.g., Terraform), container orchestration (Docker/Kubernetes), or QA frameworks for content validation.

We offer:

  • Flexible working format - remote, office-based or flexible
  • Personalized career growth
  • Professional development tools (mentorship program, tech talks and trainings, centers of excellence, and more)
  • Active tech communities with regular knowledge sharing
  • Education reimbursement
  • Memorable anniversary presents
  • Other location-specific benefits

About us:

N-iX is an international software development service company that helps businesses across the globe expand their engineering capabilities and develop successful software products. Founded in 2002, we have come a long way and increased our presence in eight countries spanning Europe, the US and Latin America.

With more than 2,000 specialists, N-iX offers expert solutions in cloud computing, data analytics, machine learning, business intelligence, embedded software, and IoT, covering a wide variety of sectors including finance, manufacturing, supply chain, telecom, energy, etc.
Published 21 August