Threat Detection Engineer



Cybereason AI-Driven XDR Platform provides predictive prevention, detection and response that is undefeated against modern ransomware and advanced attack techniques.

View company page

Cybereason's mission is to ‘protect it all’ – delivering unparalleled prevention, detection, investigation, and response for all endpoints: workstations, laptops, mobile devices and more
Our cyber-defence solutions combine machine learning and AI to analyze threats, connecting huge volumes of data to reveal cyber-attacks and shut them down, as well as block intrusion of known and unknown threats. With our latest offerings, we can also seamlessly automate detection and prevention across traditional endpoints as well as mobile devices.

Since entering the Japan market in 2016, we have seen tremendous growth, now holding #1 market share. We are constantly evolving and hope to expand our team with daring individuals that never give up!

As a Threat Detection Engineer, you will be instrumental in the creation, testing, tuning and deployment of threat detections, evaluating their security value, analyzing and assigning the detection to the MITRE attack framework, and streamlining the delivery of security services across the entire scope of our company. You will be required to communicate complex detection capabilities to both technical teams and non-technical senior executives and customers, making your ability to translate intricate technical details into clear, understandable terms a vital asset to our team.

What you will do

  • Create and research new ways to tie event telemetry together in new and valuable ways
  • Develop, debug and deploy detections
  • Continually find ways to streamline processes and re-use of code
  • Parse various types of log events into standardized formats regardless of the availability of vendor documentation
  • Find creative ways to correlate events that are otherwise indirect
  • Produce detection and process documentation
  • Collaborate with Global SOC, IR and product related teams on progress or issues
  • Perform open source intelligence (OSINT) collection and analysis, identifying relevant indications of cyber threats, malicious code, malicious websites, and vulnerabilities.
  • Work to ingest disparate data sources to enrich existing detection set
  • Provide mentoring and collaboration with other team members

Key Performance Indicators (KPIs)

  • Sense of urgency for high priority deliverables
  • Quality and standardization of code
  • Impact of contributions to Cybereason Security Services performance in the form of improvements to:
  • Detection deployment timelines
  • Enrichment and tuning of detections, increasing quality
  • Demonstration of creativity and security value
  • Adaptability to new processes and technologies


What we are looking for

  • 4+ years of relevant experience in the cybersecurity industry, particularly in the areas of detection engineering, red/blue teaming, cyber threat groups, existing attack methods and their resulting log patterns
  • 4+ years of experience with query syntax and usage, particularly those applying to log files (Splunk, YARA-L, OPAL, SQL, etc) - simple and complex joins and aggregations
  • Foundational understanding of computer networking and modern computer architecture/operating systems
  • Familiarity with network and security control products (firewalls, auth systems, MFA, cloud) and vendor and industry standard event logging formats (syslog, CEF, etc)
  • Working knowledge MITRE ATT&CK, Lockheed Martin’s Cyber Kill Chain frameworks
  • Background and experience in at least 3 of 6 areas is required:
    ・Cyber Threat Intelligence - OSINT, Dark Web, or research
    ・Digital Forensics & Incident Response (DFIR)
    ・Detection Engineering (in support of EDR/XDR/MDR platforms)
    ・SOC operations and analysis
    ・Malware analysis & reverse engineering

More about working at Cybereason Japan

Our Tokyo and Osaka offices are open, highly supportive and fun! To support you at work, we provide flexible work-life management policies, plenty of food and drinks, paid-leave for supporting your family and health, 401k, fun monthly events such as Premium Fridays and “Lunch & Learn”, as well as career support. You’ll have a chance to work in cooperation with a growing team of over 600 people (and growing!) with teams in Tel Aviv, Boston and other locations around the world.

「働きがいのある会社」として認定 / Great Place to Work® Certified

サイバーリーズン・ジャパンは、Great Place to Work® から、働きがいのある会社であることを認める「働きがい認定」企業として選出されました。 詳細や認定企業一覧はこちらをご参照ください。

Cybereason Japan has been selected and certified by Great Place to Work® as an employee-validated great workplace. Click here for details and a list of certified companies.

Please follow us! FacebookTwitterLinkedIn

More About Cybereason:


Our culture and how we operate reflects in our shared values. Our #Defenders are individuals with diverse skill sets and backgrounds who are driven to innovate and scale with our growing organization. We are a team that strives to learn from each other, solve challenging problems, and work collaboratively toward our goal of reversing the adversary advantage.

Core Values:

  • Win As One: The power of an individual is less than the power of a team.
  • Ever Evolving: Change keeps us at the forefront, so we encourage it.
  • Daring: To achieve the impossible, we must dare to be different.
  • Obsessed with Customers: We believe gaining our customers’ trust is the most important part of what we do.
  • Never Give Up: We are tenacious and resilient, and we never stop.
  • UbU: We believe people can only unlock their full potential when they work somewhere that accepts who they are.

If these values resonate with you and our vision excites you, join us today and help us end cyber attacks from the endpoint to everywhere! #Defenders

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Cybereason we are dedicated to building a diverse, inclusive, and authentic workplace (#uBu), so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  5  1  0

Tags: Cloud Cyber Kill Chain DFIR EDR Firewalls Forensics Incident response KPIs Log files Machine Learning Malware MITRE ATT&CK Open Source OSINT Reverse engineering SOC Splunk SQL Threat detection Threat intelligence Vulnerabilities XDR

Perks/benefits: Career development Flex hours Startup environment Team events

Region: Asia/Pacific
Country: Japan

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.