Security Engineer - Detection & SOAR
Is your CV ready? If so, and you are confident this is the role for you, make sure to apply as soon as possible.
To further strengthen our Security Operations team, imec is looking for a security engineer with a focus on detection engineering and SOAR who will help strengthen imec's security posture by designing high-fidelity detections, building automation that accelerates incident response, and supporting complex security investigations.
Your work directly protects imec's high-value research environment and intellectual property. You focus on threat‑informed detection engineering, continuous improvement of detection quality, and automation that enables the security operations and incident response teams to act faster and more effectively.
This role combines deep analytical work, engineering mindset, and close collaboration with security operations and incident responders.
Your responsibilities
1. Detection engineering (+/- 70%)
Design, implement, and maintain detection logic based on attacker behaviour and threat techniques, aligned with frameworks such as MITRE ATT&CK.
Apply detection‑as‑code principles, including version control, structured testing, documentation, and continuous improvement.
Continuously tune and optimize detections to reduce false positives and improve fidelity, based on security operations feedback and performance metrics.
Document detection intent, expected behaviour, assumptions, and required security operations handling steps.
Collaborate with security operations analysts, incident responders, and threat hunters to translate operational insights into new or improved detections.
You leverage AI to accelerate detection and response and explore AI‑supported automation enhancements that reduce manual workload and improve response speed.
At imec, detection engineering is treated as a lifecycle: design → deploy → measure → tune → improve.
2. SOAR engineering and automation (+/- 30%)
Design, build, and maintain SOAR playbooks that automate enrichment, triage, containment, and response activities.
Integrate security tooling, platforms, and external systems using APIs, scripting, and workflow logic.
Identify manual or repetitive security operations processes that are suitable for automation and convert them into reliable, maintainable workflows.
Ensure automation is secure, auditable, and resilient by applying appropriate safeguards and documentation.
Continuously improve automation reliability and effectiveness based on operational experience.
As part of your SOAR engineering and automation role you can be involved in 3rd‑line incident support activities, such as supporting security operations analysts and incident responders by explaining detection behaviour, telemetry context, and automation flows. Furthermore, you might be called upon to help determine attack scope, attacker techniques, and response priorities during advanced incidents.
What we do for you
We offer you the opportunity to join one of the world’s premier research centers in nanotechnology at its headquarters in Leuven, Belgium. With your talent, passion and expertise, you’ll become part of a team that makes the impossible possible. Together, we shape the technology that will determine the society of tomorrow.
We are committed to being an inclusive employer and proud of our open, multicultural, and informal working environment with ample possibilities to take initiative and show responsibility. We commit to supporting and guiding you in this process; not only with words but also with tangible actions. Through imec.academy, “our corporate university”, we actively invest in your development to further your technical and personal growth.
We are aware that your valuable contribution makes imec a top player in its field. Your energy and commitment are therefore appreciated by means of a market‑appropriate salary with many fringe benefits.
Who you are
Experience & knowledge
Bachelor’s or master’s degree in computer science, engineering, cybersecurity, or degree in another area combined with practical experience.
Foundational understanding of cybersecurity, SOC operations, and common attacker techniques.
Scripting or automation skills (e.g. Python, PowerShell, workflow‑based automation).
Experience with SIEM, detection engineering, or security monitoring platforms.
Experience designing or maintaining SOAR playbooks or orchestration workflows.
Familiarity with detection lifecycle management, tuning methodologies, or performance metrics.
Interest in using AI‑assisted security tooling to improve detection and automation outcomes.
Strong analytical skills and clear communication in English, enabling effective collaboration in a multicultural environment.
Skills & mindset
You are curious, analytical, and motivated to improve detection and response effectiveness.
You enjoy designing and implementing engineering solutions that make security operations more scalable and reliable.
You are comfortable working in complex environments where detection quality, context, and trade‑offs matter more than raw alert volume.
The following assets are considered a plus:
Experience investigating or supporting complex security incidents.
Some exposure to threat hunting, attacker tradecraft, or threat‑informed defense concepts.