Job Description

The Job

The Security Researcher is responsible for independently developing, validating, and

maintaining SIEM detections aligned with real-world adversary behaviors. This role

translates threat intelligence into actionable detection logic and continuously improves

detection coverage and signal quality. You will contribute directly to production-ready

detection content and help strengthen Guardsix’s detection capabilities through research-

driven insights and operational impact.

What You Will Be Doing

Design, implement, and maintain SIEM detection rules and correlation logic.

Translate threat intelligence into detection hypotheses and validate against telemetry.

Analyze logs across endpoint, network, cloud, and security devices.

Perform detection tuning to reduce false positives and improve detection fidelity.

Identify detection gaps and propose new detection use cases.

Map detections to MITRE ATT&CK techniques and maintain coverage tracking.

Develop dashboards, alerts, and reports within the SIEM platform.

Perform vulnerability analysis and integrate findings into detection strategies.

Maintain awareness of evolving threats, attacker techniques, and industry developments.

Collaborate with Product and Engineering teams to ensure detection usability and effectiveness.

Contribute to research outputs and internal threat advisories.

Document the detection lifecycle (design → validation → tuning → maintenance).

What you bring to the table

Strong ownership of detection areas with an outcome-driven mindset.Collaborative and solution-oriented approach when working across teams.

Curiosity and continuous learning attitude towards evolving threats and technologies.

Ability to clearly communicate technical decisions and detection logic.

Accountability and commitment to delivering high-quality detection outcomes.

Your skills and experience

2–4 years of experience in security research, detection engineering, or SOC operations

Hands-on experience with SIEM platforms, detection rule development, and log analysis

Proficiency in scripting languages such as Python, Bash, or PowerShell

Strong understanding of operating systems, network protocols, and security telemetry (endpoint, network, cloud, identity, email)

Familiarity with security tools (SIEM, IDS/IPS, EDR), testing tools (Wireshark, Nmap, Metasploit, OWASP ZAP), and frameworks (MITRE ATT&CK, NIST, CIS, OWASP, CVE, STIX/TAXII)