ID: 573938
Location: Montreal Qc, CA

CDC Content Detection Engineer

Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.

Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.
Through the CMA CGM Foundation, the Group acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.

Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 155,000 people worldwide, including 4,000 in Marseilles where its head office is located.


OUR GLOBAL CYBERSECURITY TEAM

The CMA CGM Group’s incredible growth is dramatically transforming our core business, reinforcing our leading position as an innovative, bold, and customer-oriented company, and enhancing more than ever the security of its global operations. With more than 250 team members, the Group Cybersecurity Department covers all subsidiaries and entities of CMA CGM, with a global roadmap composed of 6 major domain streams (Maritime, Logistics, Ships, Terminals, Warehouses, and Subsidiaries). The Department currently monitors around 80 projects and, through its 24/7 Operations, provides continuous reliability. We continue building a globally structured team based in Marseilles, Beirut, Manila, Montreal, Miami, and more…


POSITION SUMMARY

The CDC Content Detection Engineer is responsible for designing, optimizing, and continuously improving detection logic across SIEM/XDR platforms. The engineer owns detection use cases, the rule lifecycle, and MITRE ATT&CK coverage, and actively drives AI and machine learning adoption to enhance detection accuracy and reduce false positives. The role works closely with SOC operations, Threat Intelligence, Purple Team, Forensics, and Automation teams to translate real-world threats into actionable, high-quality detections.


RESPONSIBILITIES

Within the Cyber Defense Center, the CDC Content Detection Engineer will:

Contribute to the CMA CGM Group’s continuous improvement of SOC posture

  • Drive continuous improvement of detection capabilities through regular evaluation of existing rules, dashboards, and use cases to identify gaps and optimization opportunities.
  • Drive the adoption of AI and advanced analytics to enhance detection accuracy, reduce false positives, and improve signal quality across the SOC.
  • Design, fine-tune, and optimize detection logic by adjusting rules, thresholds, KPIs, correlations, and whitelisting to improve precision and coverage.
  • Expand and maintain MITRE ATT&CK coverage, mapping existing detections and designing new use cases aligned with evolving adversary techniques.
  • Continuously assess detection effectiveness and content performance, leveraging metrics and feedback from SOC operations to drive iterative improvements.
  • Collaborate closely with Run, Content, Automation, Forensics, CTI and Purple Team to translate operational needs and threat intelligence into actionable detection strategies.
  • Stay ahead of emerging threats, attack techniques, and defensive technologies, proactively evolving detection content and strategies.
  • Mentor and support junior team members, promoting best practices in detection engineering and fostering a strong knowledge-sharing culture.
  • Contribute to continuous learning initiatives, workshops, and internal knowledge-sharing sessions to strengthen team expertise and technical maturity.


AI Adoption & Advanced Detection Initiatives

  • Spearhead AI adoption initiatives to enhance detection and response capabilities, driving innovation in how threats are identified and investigated.
  • Leverage machine learning and advanced analytics features within the SIEM/XDR ecosystem to improve detection fidelity and reduce noise.
  • Work with cross-functional teams to identify high-value AI use cases, ensuring alignment with real operational challenges and threat scenarios.
  • Evaluate and experiment with emerging AI-driven security technologies, contributing to proof-of-concepts and strategic recommendations.
  • Promote an AI-first mindset within the detection and content teams, helping shift from rule-based approaches to more adaptive, behavior-driven detection models.


Participate in Strategic & Technical Projects

  • Participate in AI adoption initiatives to enhance detection capabilities, fostering strong cross-functional collaboration across teams.
  • Contribute to security improvement projects aimed at strengthening the overall detection, response, and automation capabilities of the SOC.
  • Work closely with Purple Team and Threat Intelligence teams to integrate intelligence-driven insights into SIEM content and detection engineering.
  • Contribute to CI/CD pipelines and SOAR automation initiatives to improve deployment efficiency and operational scalability.
  • Develop and maintain high-quality documentation (playbooks, SOPs, user guides) to support content lifecycle, build processes, and SOC operations.
  • Participate in proof-of-concepts and evaluations of innovative security solutions to assess their value and integration potential.


QUALIFICATIONS


CANDIDATES MUST BE LEGALLY AUTHORISED TO WORK IN CANADA


Education:

Bachelor’s degree in Computer Science, IT Security, or equivalent.

Certifications are an asset:

    • CEH – EC-Council
    • ECSA – EC-Council
    • CompTIA CySA+
    • CIH
    • OSCP
    • Microsoft SC-200
    • SANS certifications


Knowledge & Experience:

  • SOC and detection engineering: specializing in SIEM/XDR platforms (Elastic, Microsoft Sentinel, Microsoft Defender XDR) and cloud environments (AWS, Azure, GCP).
  • Expertise in detection engineering and SIEM content development: advanced use cases, correlations, dashboards, and machine learning-based detections.
  • Ability to leverage AI and advanced analytics to improve detection accuracy, reduce false positives, and enhance threat visibility across complex environments (Jupyter Notebook, UEBA, msticpy, data lake).
  • Knowledge of cybersecurity frameworks and models, including MITRE ATT&CK, Cyber Kill Chain, and threat intelligence-driven detection design.
  • Understanding of adversary techniques, attack vectors, and exploitation methods, supported by hands-on exposure to ethical hacking methodologies and offensive tools.
  • Background in security operations and threat detection across endpoint, network, cloud, identity, and email attack surfaces.
  • Advanced analytical, problem-solving, and critical-thinking skills, able to translate complex threats into actionable detection strategies.
  • Comfortable with Python and PowerShell to support detection logic, automation design, and analysis workflows.
  • Experienced in mature SOC environments, working closely with CTI, Forensics, Purple Team, and Automation teams.


We are an equal opportunity employer!

Come along on CMA CGM’s adventure!