Cyber Threat Detection Engineer

Job Description

Whats the role Step into an exhilarating role where you'll lead the charge in detecting latest cybersecurity threats and safeguarding Shell using cutting-edge technology! The role is part of the CISO (Cyber Information Security Office) in the Information and Digital Technology organization. The Threat Detection Engineering team supports Shells CyberDefence team by developing and implementing cyber threat detection capabilities. These capabilities identify adversary tactics, techniques, and procedures (TTPs), enabling swift action on Events of Interest. Input from various CyberDefence teams, including Threat, Detect, Incident, and the Red Team, informs the detection opportunities. Threat Detection Engineering helps to recognize malicious activities in the early stage of the kill chain, providing an opportunity to intervene before significant harm occurs. What youll be doing As the Threat Detection Engineer, you will develop correlation searches and reporting capabilities that result in actionable events of interest. The detection searches created in Splunk and Sentinel must be both performant and accurate and continuously updated to adapt to the ever-changing threat landscape. Accountabilities Deliver the Threat Detection Engineering Use Case backlog Use scripting/programming languages to test Use Cases and manage git repos Develop and implement Custom of use cases that are not yet covered by existing tools and solutions Translate IoC use case requests into optimized technical implementation and translate behavioral analytics use case requests into algorithms to be deployed in CyberDefence technologies Work with the wider CyberDefence organization in understanding requirements for detection capabilities and detection logic and able to work with the CyberDefence LT to prioritize work effort Be the quality gatekeeper for all new and existing detection use cases, with a focus on minimizing false positives and rework Support and develop other CyberDefence extended team members with experience and best practices in a continuous learning environment Support activities to embed automated use case testing and validation checks What you bring Minimum 8 years IT security experience and solid engineering background Experience with solution building by secure in design principles Proven experience in coding or scripting experience in languages Proven experience in Splunk Search Processing Language (SPL), some experience with Microsoft Sentinel Kusto Query Language (KQL) preferred SC-200 and or Splunk certifications preferred Experience developing Indicators of Compromise (IoC) in Security Information & Event Management (SIEM) platforms Experience using Git repositories and knowledge of CI/CD pipelines Good technical understanding of common IT services including Azure and AWS cloud, Unix/Linux and Windows servers and client machines, database technologies, firewalls and network devices, popular application suites, etc Develops and maintains knowledge of cyber security and maintains an awareness of current developments Has excellent written and verbal communication skills and provides well-informed advice to own and others outside the core team