Description
Division: CISO
Cyber Defense Center (CDC) is part of the Chief Information Security Officer Office. The main responsibility of the team is to reduce the risk of Euroclear's cyber threat surface by monitoring for malicious intent targeted at Euroclear's services and its supporting assets, and to do this through the Cyber Threat Management (CTM) capabilities: the Security Operations Centre (SOC), which includes monitoring and the Cyber Incident & Response Team, and Detection & Response Engineering. These capabilities include cyber threat intelligence, brand and digital footprint monitoring, security incident and event monitoring, cyber analytics, incident management and forensic analysis.
CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company, as well as interacting with external stakeholders including customers, oversight bodies, threat intelligence providers and third parties.
The Detection & Response Engineering team is composed of:
- Detection Engineers/Splunk Developers, who implement and maintain threat detection capabilities.
- SOAR developers, who develop response capabilities via playbooks, automation, etc.
Role:
- Interact with the different customers to capture and define requirements for the development and testing of the threat detection capabilities
- Cooperate with the log source onboarding team to ensure correct log source onboarding and log mapping to data models according to Splunk standard processes
- Develop, tune and continuously improve correlation rules
- Develop and maintain dashboards, reports and alerts
- Create Splunk Knowledge Objects to address customers' needs in the context of using Splunk as a security tool
- Prepare correlation search tests, conduct the tests and document evidence from testing that shows the correlation search addresses the scenario described in the use case
- Responsible for the creation of procedures, high-level/low-level documentation, implementation of processes and development of staff in relation to SIEM detection logic
- Coach a team (from a technical perspective); review work outputs and provide quality assurance
- Analyse and identify areas of improvement with existing processes, procedures and documentation
- Demonstrate how to use SIEM & Enterprise Security products to both technical and non-technical personnel
- Provide expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems
- Prioritize and coordinate the backlog of threat detection requests, making sure we have a healthy balance between defect resolution and new features
Qualifications:
Technical Skills:
- In-depth experience in the development and maintenance of SIEM use cases
- Fluent in Splunk's Search Processing Language (SPL)
- Excellent knowledge of Splunk Enterprise and Splunk Enterprise Security
- Sound knowledge of the Splunk Common Information Model and log normalization using Data Models
- Solid understanding of cybersecurity technologies, protocols and applications
- Excellent English communication skills (written and oral)!
Assets:
- Splunk Core Certified (Advanced) Power User (essential)
- Splunk Certified Developer (nice to have)
- Splunk Enterprise Certified Admin (nice to have)
- Splunk Enterprise Security Certified Admin (nice to have)
- Any other security certifications (e.g. CEH, GIAC, CISSP, OSCP)
Soft Skills:
- Strong analytical skills to evaluate sophisticated multivariate problems and find a systematic approach to gain a quick resolution, often under stress
- Strong problem solving, documentation, process execution, time management and organizational skills
- Ability to communicate sophisticated information, concepts or ideas in a confident and well-organized manner through verbal, written and/or visual means
- Fast and independent learner with ambition to self-improve
- At ease in a fast-changing environment; flexible, pragmatic and open-minded
- Accurate, acting with attention to detail
- Client focus and delivery oriented
- A team-focused mentality with the ability to work and collaborate effectively in a team environment
- Good leadership and communication skills, whether in the field, in the team or with management: you are a keen, standout colleague and coordinate work among people from different areas or divisions. A good relationship builder with strong diplomacy skills
- Ability to work autonomously