# Threat Detection - COOP

**Company:** [COGNNA](http://jobs.workable.com/companies/aydG9Ro7dyw3ZVzTVH8fxU.md)
**Location:** Riyadh, Saudi Arabia
**Workplace:** on site
**Employment type:** Temporary
**Department:** Threat Detection

[Apply for this job](http://jobs.workable.com/view/e5575af5-bbe6-4972-acbb-bda528fafd9c)

## Description

As **a Threat Detection COOP** at COGNNA, you’ll design high-impact detection strategies, build powerful automation, and elevate SOC operations to a world-class standard. You’ll also mentor rising cyber talent and collaborate with teams across threat intel, incident response, and platform engineering.
**🔐 Advanced Threat Detection Engineering**

-   Build high-fidelity correlation rules and behavioral detections within the COGNNA security platforms.
-   Translate adversary TTPs (MITRE ATT&CK), threat intel, and vulnerability data into actionable logic.
-   Identify detection gaps and introduce new data sources to cover evolving threat landscapes.
-   Automate detection testing and maintain detection quality over time.

**⚙️ Platform Engineering & Optimization**

-   Lead architecture and optimization of XDR, SIEM, and SOC tech stacks for scale and resilience.
-   Streamline log ingestion pipelines — from parsing to normalization and enrichment.
-   Build scripts and automations (Python, PowerShell) to enhance SOC efficiency.
-   Integrate tools across the SOC stack to enable seamless workflows and response.

**🕵️‍♂️ Threat Hunting & Incident Response**

-   Collaborate with intel and IR teams to enrich detection use cases and support threat hunts.
-   Provide Tier-3+ support for incident investigations and post-mortem analysis.

**👥 Mentorship & SOC Maturity**

-   Improve SOC playbooks, SOPs, and detection engineering workflows.
-   Stay updated on global and regional threats — and evolve detection accordingly.
-   Ensure compliance alignment (e.g., NCA ECC, SAMA CSF).

## Requirements

**Minimum Requirements (Must Haves):**

-   **Education:** Currently enrolled in their final year of a Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a closely related field, with graduation planned within or immediately following the 6-month co-op.
-   **Foundational Security Knowledge:** Basic understanding of cybersecurity concepts, including common attack vectors, Windows/Linux operating system internals, and network protocols.
-   **Programming/Scripting Basics:** Familiarity with writing simple scripts in Python or PowerShell to automate repetitive tasks or parse data.
-   **Log & System Familiarity:** Basic understanding of what logs are (e.g., Windows Event Logs, Syslog) and an interest in how they are collected and analyzed.
-   **Duration:** Availability to commit to a full-time (or near full-time, depending on university rules) 6-month continuous Co-op assignment.

**Preferred Qualifications (Nice to Haves / Big Plusses):**

-   **Framework Familiarity:** Conceptual knowledge of the MITRE ATT&CK framework and how it maps to adversary behaviors.
-   **Hands-on Exposure:** Previous experience using SIEM/XDR platforms, or building a home lab (e.g., Splunk, Elastic, Wireshark).
-   **Regulatory Awareness:** A general awareness of cybersecurity frameworks or local compliance standards (like NCA ECC or SAMA CSF).
-   **Soft Skills:** Strong analytical mindset, a high level of curiosity to dig into threat trends, and excellent written documentation skills.

## Benefits

🚀 **Impact that Matters** – Build products that shape the future of cybersecurity and protect organizations globally.

🏢 **On-Site Collaboration** – Be at the heart of innovation in our Riyadh office, working side by side with passionate experts.

💡 **Continuous Growth** – Access to certifications, trainings, and opportunities to sharpen your expertise.

🤝 **Culture of Trust** – We empower talent, encourage ownership, and celebrate real outcomes.
