Cyber Security Detection Engineer

Key Accountabilities

• Design, implement, and maintain security detection mechanisms using Splunk and KQL.
• Simulate threat actor TTPs in a lab environment to validate detection capabilities.
• Collaborate with threat intelligence teams to stay updated on emerging threats and best practices.
• Develop and execute detection use cases to identify potential security incidents.
• Analyze security events and alerts to determine severity and potential impact.
• Provide recommendations for improving detection and response strategies.
• Assist in the administration of SIEM platforms, particularly Splunk and Microsoft Sentinel.

Requirements:

• At least 5 years of relevant experience
• Experience in a SOC environment (preferably)
• Proficiency in Splunk and KQL query writing.
• Strong understanding of threat actor TTPs and experience in simulating them in a controlled environment.
• Offensive security knowledge is a plus, with relevant certifications such as OSCP, CPTS, PNPT, ePPT, or ePTX.
• Experience with SIEM administration, particularly with Splunk and Sentinel.
• Excellent analytical and problem-solving skills.
• Strong communication and teamwork abilities.