Security Engineer – Detection Engineering

What you will do

Your work directly protects imec’s high value research environment and intellectual property. You focus on threat informed detection engineering, continuous validation and improvement of detection quality, and selective automation that enables the security operations and incident response teams to act faster and more effectively.

This role combines a deep analytical work, a strong engineering mindset, and close collaboration with security operations and incident responders.

As part of the role, you may contribute to 3rd line incident support activities, such as explaining detection behaviour, telemetry context, and automation flows, and assisting with determining attack scope, techniques, and response priorities during complex incidents.

Your responsibilities

1. Detection engineering (+/- 75%)

You design and maintain detection capabilities as a core, continuous engineering discipline:

• Design, implement, and maintain high quality detection logic based on attacker behaviour and threat techniques, aligned with frameworks such as MITRE ATT&CK.
• Apply detection as code principles, including version control, structured testing, documentation, and continuous improvement.
• Continuously tune and optimize detections to reduce false positives and improve fidelity, based on security operations feedback and measurable performance metrics.
• Document detection intent, expected behaviour, assumptions, limitations, and required security operations handling steps.
• Collaborate closely with security operations analysts, incident responders, and threat hunters to translate operational insights into new or improved detections.
• Leverage AI to support detection development, analysis, and prioritisation, and explore AI supported enhancements that improve detection quality and analyst efficiency.

As part of this role, you may contribute to 3rd line incident support activities, such as explaining detection behaviour, telemetry context, and automation flows, and assisting with determining attack scope, techniques, and response priorities during complex incidents.

At imec, detection engineering is treated as a lifecycle: design → deploy → measure → tune → improve.

2. Automation & SOAR support (+/- 25%)

You support scalable security operations by contributing to automation where it adds clear value:

• Contribute to the design, build, and maintenance of SOAR playbooks that support detection driven triage, enrichment, and response activities.
• Integrate security tooling and platforms using APIs, scripting, and workflow logic to support detection and investigation workflows.
• Identify manual or repetitive tasks within detection and response processes that can be safely and effectively automated.
• Ensure automation is secure, auditable, well documented, and aligned with operational needs.
• Improve automation reliability and usability based on operational experience and feedback.

What we do for you

We offer you the opportunity to join one of the world’s premier research centers in nanotechnology at its headquarters in Leuven, Belgium. With your talent, passion and expertise, you’ll become part of a team that makes the impossible possible. Together, we shape the technology that will define the society of tomorrow.

We are committed to being an inclusive employer and proud of our open, multicultural, and informal working environment with ample possibilities to take initiative and show responsibility. We commit to supporting and guiding you in this process; not only with words but also with tangible actions. Through imec.academy, 'our corporate university', we actively invest in your development to further your technical and personal growth. 

We are aware that your valuable contribution makes imec a top player in its field. Your energy and commitment are therefore appreciated by means of a market appropriate salary with many fringe benefits. 

Who you are

Experience & knowledge

• Bachelor’s or master’s degree in computer science, engineering, cybersecurity, or a related field, or equivalent practical experience.
• Strong foundational understanding of cybersecurity, SOC operations, and attacker techniques.
• Experience with detection engineering, SIEM platforms, or security monitoring systems.
• Familiarity with detection lifecycle management, tuning methodologies, and effectiveness metrics.
• Scripting or automation skills (e.g. Python, PowerShell, or workflow based automation).
• Experience with SOAR or security automation is a plus, but not the primary focus of the role.
• Interest in using AI assisted security tooling to improve detection and analyst effectiveness.
• Strong analytical skills and clear communication in English, enabling collaboration in a multicultural environment.

Skills & mindset

• You are curious, analytical, and motivated to continuously improve detection quality and coverage.
• You enjoy solving complex problems and translating attacker behaviour into effective detections.
• You prioritize context and high quality signals over alert volume, and you work effectively with an MSSP as a trusted partner to continuously improve detection and response within a hybrid SOC model.

Following assets are considered a plus:

• Experience investigating or supporting complex security incidents.
• Exposure to threat hunting, attacker tradecraft, or threat informed defense concepts.

IMEC and its affiliates will not accept unsolicited resumes from any source other than directly from a candidate. IMEC will consider unsolicited referrals and/or resumes submitted by vendors such as search firms, staffing agencies, professional recruiters, fee-based referral services and recruiting agencies (hereafter “Agency”) to have been referred by the Agency free of charge. IMEC will not pay a fee to any Agency that does not have a prior written agreement with IMEC, validated by its HR department, in place regarding a specific job opening and allowing to submit resumes.