Security Engineer – Detection & SOAR

What you will do

To further strengthen our Security Operations team, imec is looking for a security engineer with a focus on detection engineering and SOAR who will help strengthen imec’s security posture by designing high‑fidelity detections, building automation that accelerates incident response, and supporting complex security investigations.

Your work directly protects imec’s high‑value research environment and intellectual property. You focus on threat‑informed detection engineering, continuous improvement of detection quality, and automation that enables the security operations and incident response teams to act faster and more effectively.

This role combines deep analytical work, engineering mindset, and close collaboration with security operations and incident responders.

Your responsibilities

1 .Detection engineering (+/- 70%)

You design and maintain detection capabilities as a continuous engineering discipline:

• Design, implement, and maintain detection logic based on attacker behaviour and threat techniques, aligned with frameworks such as MITRE ATT&CK.
• Apply detection as code principles, including version control, structured testing, documentation, and continuous improvement.
• Continuously tune and optimize detections to reduce false positives and improve fidelity, based on security operations feedback and performance metrics.
• Document detection intent, expected behaviour, assumptions, and required security operations handling steps.
• Collaborate with security operations analysts, incident responders, and threat hunters to translate operational insights into new or improved detections.
• You leverage AI to accelerate detection and response and explore AI supported automation enhancements that reduce manual workload and improve response speed. 

At imec, detection engineering is treated as a lifecycle: design → deploy → measure → tune → improve.

2. SOAR engineering and automation (+/- 30%)

You help scale security operations through automation and orchestration:

• Design, build, and maintain SOAR playbooks that automate enrichment, triage, containment, and response activities. 
• Integrate security tooling, platforms, and external systems using APIs, scripting, and workflow logic. 
• Identify manual or repetitive security operations processes that are suitable for automation and convert them into reliable, maintainable workflows. 
• Ensure automation is secure, auditable, and resilient by applying appropriate safeguards and documentation. 
• Continuously improve automation reliability and effectiveness based on operational experience.
• As part of your SOAR engineering and automation role you can be involved in 3rd line incident support activities such as supporting security operations analysts and incident responders explaining detection behaviour, telemetry context, and automation flows. Furthermore, you might be called upon to help determine attack scope, attacker techniques, and response priorities during advanced incidents.
  
  

What we do for you

We offer you the opportunity to join one of the world’s premier research centers in nanotechnology at its headquarters in Leuven, Belgium. With your talent, passion and expertise, you’ll become part of a team that makes the impossible possible. Together, we shape the technology that will determine the society of tomorrow.

We are committed to being an inclusive employer and proud of our open, multicultural, and informal working environment with ample possibilities to take initiative and show responsibility. We commit to supporting and guiding you in this process; not only with words but also with tangible actions. Through imec.academy, 'our corporate university', we actively invest in your development to further your technical and personal growth. 

We are aware that your valuable contribution makes imec a top player in its field. Your energy and commitment are therefore appreciated by means of a market appropriate salary with many fringe benefits. 

Who you are

Experience & knowledge

• Bachelor’s or master’s degree in computer science, engineering, cybersecurity, or degree in another area combined with practical experience.
• Foundational understanding of cybersecurity, SOC operations, and common attacker techniques.
• Scripting or automation skills (e.g. Python, PowerShell, workflow‑based automation).
• Experience with SIEM, detection engineering, or security monitoring platforms.
• Experience designing or maintaining SOAR playbooks or orchestration workflows.
• Familiarity with detection lifecycle management, tuning methodologies, or performance metrics.
• Interest in using AI‑assisted security tooling to improve detection and automation outcomes.
• Strong analytical skills and clear communication in English, enabling effective collaboration in a multicultural environment.

Skills & mindset

• You are curious, analytical, and motivated to improve detection and response effectiveness.
• You enjoy designing and implementing engineering solutions that make security operations more scalable and reliable.
• You are comfortable working in complex environments where detection quality, context, and trade‑offs matter more than raw alert volume.

Following assets are considered a plus:

• Experience investigating or supporting complex security incidents.
• Some exposure to threat hunting, attacker tradecraft, or threat informed defense concepts.

IMEC and its affiliates will not accept unsolicited resumes from any source other than directly from a candidate. IMEC will consider unsolicited referrals and/or resumes submitted by vendors such as search firms, staffing agencies, professional recruiters, fee-based referral services and recruiting agencies (hereafter “Agency”) to have been referred by the Agency free of charge. IMEC will not pay a fee to any Agency that does not have a prior written agreement with IMEC, validated by its HR department, in place regarding a specific job opening and allowing to submit resumes.