Detection Engineer
Join us at HarfangLab, where your design expertise will contribute to our mission of securing the digital world. Together, we can make a difference in the field of cybersecurity.
Who we are?
HarfangLab is a French scale-up specializing in cybersecurity that develops EDR (Endpoint Detection and Response), EPP (Endpoint Protection Platform ), and ASM (Attack Surface Management) solutions to detect and neutralize modern cyberattacks targeting an organization’s workstations and servers. Our engines, models, and algorithms identify abnormal behaviors and either generate security alerts or block program execution.
Since our creation in 2018, HarfangLab’s technology has received strong industry recognition, earning prestigious distinctions and becoming the first EDR to be certified by ANSSI in 2020, and later the first to obtain ANSSI qualification in 2025. We are also proud to have joined the French Tech 2030 program alongside 80 other innovative French companies, at a time when cyber resilience has become a major strategic priority for Europe.
We have raised a total of €30 million, enabling us to strengthen our teams, growing from 40 employees in 2023 to 130 today, and expand internationally across Europe.
Today, HarfangLab protects the endpoints of more than 800 clients of all sizes and across all sectors: CAC 40 industrial companies, government entities, SMEs, hospitals, and local authorities. With a strong collective spirit and international ambitions, HarfangLab continues its expansion while remaining true to its original mission: protecting organizations against increasingly complex cyber threats while enabling clients to retain full control over their data.
Why are we hiring?
The company's growth continues, and our ecosystem of technology partners is expanding day by day. We are receiving more and more requests to integrate our product with other cybersecurity solutions.
What you will do with us?
As a Detection Engineer, you will be responsible for improving our EDR detection capabilities by transforming threat intelligence into actionable detections. You will continuously monitor the threat landscape, design and maintain Sigma and YARA rules, validate detection quality, and identify opportunities to strengthen the product against new attack techniques.
Continuously monitor the threat landscape and analyze emerging threats, malware, and attacker techniques.
Design, develop, and maintain detection content, primarily Sigma rules for behavioral detections and YARA rules for malware identification.
Validate, tune, and monitor detection rules to ensure their effectiveness while minimizing false positives.
Research new detection opportunities and prototype improvements to strengthen the EDR detection engine.
Develop internal tools and automation to accelerate threat research and detection engineering workflows.
Contribute to threat reports, blog posts, and internal or external communications on the evolving threat landscape.
Provide technical guidance and expertise to selected customers when required.
About you
Soft Skills
Strong interest in cybersecurity and Cyber Threat Intelligence.
Reliable, diligent, and collaborative.
Curious, proactive, resourceful, and able to work autonomously.
Passionate about learning, sharing knowledge, and discussing technical topics.
Hard Skills
At least 2–3+ years of hands-on experience in Cyber Threat Intelligence, Detection Engineering, Malware Analysis, or a related cybersecurity field.
Proficient in Python with working knowledge of Rust and/or C.
Strong understanding of Windows, Linux, and ideally macOS internals.
Experience in system and/or network administration.
Good knowledge of attack techniques and adversary tradecraft.
Hands-on experience in malware reverse engineering.
Experience creating and maintaining detection rules (YARA, Sigma, IDS/IPS, EDR detections). This is a key requirement for the role.
Fluent in French and English.
Familiar with AI-powered tools and their application to CTI activities.
Bonus Skills
Incident Response experience.
Red Team / Penetration Testing experience.
Blue Team / SOC experience.
Experience tracking threat actors and producing actionable threat intelligence.
What you can expect from your future team?
You will evolve inside a team of 7 people who are very keen to continuously make sure the product is able to efficiently detect cyberthreats. Like every team at HarfangLab, we have a lot of autonomy, and we have great confidence in our colleagues. You will also be able to drive your own projects based on your preferences.
About us
Our office and Team Life:
Offices located in the heart of Paris, near Bourse (75002),
High-quality equipment based on preferences and needs (PC, Mac, additional screens, etc.),
Thanks to our Office Manager, we regularly organize events such as seminars, happy hours, themed evenings, and more,
An onboarding process to welcome each new colleague with an explanation of the roles and a mentor to support you during your early days!"
A great team that always seeks to improve their skills
And more:
An attractive package: Base salary 45 K€ to 57 K€ + profit sharing,
Flexible remote work options,
A mentor to guide you throughout your probationary period,
Health insurance: The best health insurance with Alan,
Meal vouchers: We use the Swile card and also have access to a discount platform through our works council,
7 to 11 additional days off (RTT) per year, in addition to the 25 days of paid vacation.
GymLib subscription, covered 80% by HarfangLab,Access to training and events of your choice and according to your professional needs.
Le processus de recrutement
A 30-minutes Visio with our Talent Acquisition Specialist
A 30 minutes Visio with the lead
A test to assess your skills
A 1,5 hour on-site interview including a teamfit
A final HR video appointment to review your soft skills and motivations.
- Département
- CTI
- Role
- CTI
- Locations
- Paris
- Remote status
- Hybrid
About HarfangLab
HarfangLab is a European cybersecurity scale-up that develops EDR (Endpoint Detection and Response), EPP (Endpoint Protection Platform), and ASM (Attack Surface Management) software to detect and neutralize modern cyberattacks targeting an organization’s workstations and servers. Our engines, models, and algorithms identify abnormal behavior and generate security alerts or block program execution.
Since our founding in 2018, HarfangLab’s technology has received broad recognition, winning prestigious awards and becoming the first EDR to be certified by ANSSI in 2020, then the first to obtain ANSSI qualification in 2025. HarfangLab’s EDR is also the first to obtain BSZ certification from BSI, which refers to the federal authority for cybersecurity in Germany.
We raised a total of €30 millions, enabling us to strengthen our teams and expand internationally across Europe. In just three years, HarfangLab’s workforce has nearly tripled, while maintaining a majority of technical profiles dedicated to R&D and continuous product improvement.
Today, HarfangLab protects the endpoints of more than 800 customers of all sizes and across all sectors, including CAC 40 industrial companies, government entities, SMEs, hospitals, and local authorities. With a strong collective mindset and international ambitions, HarfangLab continues to expand while remaining true to its original mission: to protect organizations against increasingly complex cyber threats while enabling customers to retain control over their data.