Solutions Engineer - Threat Detection Engineer/Splunk Enterprise

Solutions Engineer - Threat Detection Engineer/Splunk Enterprise Job Description: 1 year contract (renewable, subjected to approval) Location: Hybrid Work Arrangement / Office at Jurong East Salary Range: Up to $10,000 Description: We are seeking a highly skilled Threat Detection Engineer to join our team. In this role, you will be responsible for overseeing the engineering, development, and maintenance of threat detection use-case scenarios within our SIEM (Splunk ES). You will also be involved in developing custom rules in the EDR (CrowdStrike) to swiftly detect potential threats and attacks. Additionally, you will play a crucial role in creating transparency of existing detection capabilities by mapping them to the MITRE ATT&CK framework. Responsibilities: Support in planning and executing regional IT Infrastructure strategy aligned with company strategy. Proactively create, test, and tune new detection use-cases in the SIEM and custom rules in the EDR. Review and enhance existing detection use-cases using techniques such as Machine Learning or User & Entity Behavior Analytics (UEBA). Map detection use-cases to the MITRE ATT&CK framework to determine SIEM monitoring coverage. Perform regular updates to threat detection engineering playbooks, processes, and documentation. Collaborate closely with the SOC to challenge detection and prevention capabilities. Identify and implement SIEM use-cases that address blind spots. Coordinate with the log onboarding team and SIEM architect to validate new log sources onboarded for compliance and improve performance on the SIEM backend. Collaborate with the Service Operations team to address challenges, process fulfillment, documentation, and improvement of Service Operations Quality. Provide governance on topics related to operational stability. Qualifications: Specific Knowledge: Intense knowledge in using Splunk Enterprise Security (ES). Intense knowledge in developing and tuning detection use-cases (Correlation Searches) in Splunk based on Data Models. Experience in Machine Learning and Risk-Based Monitoring in Splunk is an advantage. Ability to analyze and interpret security logs and events to identify potential threats and attack patterns. Experience in validating data source compliance using the common interface model (CIM). Experience of setting up and utilizing data models in Splunk. Deep understanding of cybersecurity concepts to create detection use-cases targeting various phases of the attack lifecycle. Understanding of MITRE ATT&CK framework and detections of various tactics and techniques. Experience and capable of creating interactive dashboards, alerts, reports in Splunk. Experience: At least 3 years of experience with demonstrable skillsets in SIEM use-case engineering, with over 5 years of experience in cybersecurity. Previous relevant experience working in a security operational role, ideally within a Corporate, Military, or Police environment; engaging with and responding to a diverse array of internal stakeholders, including senior management. Have good emotional intelligence and is a proven team player. Rational and calm under pressure. Fluency in the English language. Effective oral and written communication skills. Good timekeeping ability to cope with a tight deadline and achieve operational objectives. Self-motivated with the ability to carry out assigned tasks with minimum supervision. Please submit your updated resume in Word format by using the Apply Now Button. We regret that only shortlisted candidates will be notified. Email resume to tiffany@peopleprofilers.com #J-18808-Ljbffr