Detection Lead

Telenor

  • Fornebu, Viken
  • Permanent
  • Full-time
  • 23 hours ago
Telenor Cyberdefence AS is a wholly owned, newly started Nordic cyber security company in the Telenor Group. Telenor Cyberdefence AS' ambition is to become a leading MSSP (Managed Security Services Provider) in the Nordic market, among other things by using Telenor's unique access to threat intelligence to support our services. In addition to delivering modern managed security services, Telenor Cyberdefence AS also offers specialist expertise through our consultancy and Offensive Security teams. We are now seeking a Detection Lead who will lead the development of scalable, high-efficacy detection content and engineering processes for our Managed Detection and Response (MDR) service, based on Microsoft Sentinel and the Microsoft Defender Suite.
Key Responsibilities:
  • Responsible for the detection strategy, leveraging Microsoft Sentinel and the Microsoft Defender XDR suite, for TCD’s flagship MDR service
  • Lead a team of detection engineers focused on building and maintaining threat detection logic across diverse client environments
  • Define processes for detection lifecycle management (creation, validation, tuning, deprecation)
  • Manage multi-client detection-as-code pipelines, ensuring reliability, reusability, and scalability across the client base
  • Guide client-specific detection strategies, tuning rules and policies based on business risk, telemetry availability, and compliance needs
  • Design, implement, and maintain advanced KQL-based analytics rules, hunting queries, and custom detection logic
  • Collaborate with threat intelligence, incident response, and SOC teams to close detection gaps and reduce false positives
  • Collaborate with TCD’s Offensive Security team, and carry out purple team tests to proactively test and validate detection logic against real-world attack simulations
  • Lead proactive threat hunting campaigns across client environments
Who You Are
  • 5+ years in detection engineering, threat hunting, or SOC with an emphasis on detection strategy
  • 2+ years in a technical leadership or mentoring capacity
  • Experience working in a multi-client or MSSP environment — understanding of client separation, client-specific logic, shared telemetry platforms, and scalable solutions
  • Strong expertise in at least one detection language (e.g., Sigma, SPL, KQL, YARA)
  • Strong grasp of log telemetry sources: endpoint, cloud, identity, network, etc.
  • Familiarity with infrastructure-as-code and CI/CD for detection content deployment (e.g., GitHub Actions, Terraform)
  • Excellent written and verbal communication, especially in client-facing or operational leadership contexts.
Nice To Have
  • Familiarity with SOAR integrations and response automation
  • Relevant certifications, such as BTL1, BTL2, GCIH, GMON, OSTH, SC-200
  • Experience collaborating with red teams or using purple team methodologies
We Offer:
  • A collaborative and professional work environment with strong focus on ongoing development through advanced training, certifications, and knowledge-sharing among peers.
  • Ongoing professional development through challenging projects, certifications, and collaboration with skilled colleagues
  • A visible and significant role in Telenor Cyberdefence, where you have the opportunity to make an actual difference in society
  • A job in a diverse international group of companies with many career opportunities, where you will have the possibility to develop and grow professionally
  • Competitive compensation package
  • New and modern office at Telenor Fornebu or Grimstad
If you are ready to take on this exciting opportunity, apply now and join our team! We will conduct interviews on an ongoing basis as we receive applications. For more information about the position, please reach out to:

Telenor