

    Threat Detection Engineer - Splunk Developer

    Kraków
    Type of work
    Full-time
    Experience
    Senior
    Employment Type
    Permanent
    Operating mode
    Hybrid

    Tech stack

      Splunk

      master

      Cybersecurity

      advanced

      IT Security

      advanced

    Job description

    Online interview
    Friendly offer

    Division: CISO


    The Cyber Defense Center (CDC) is part of the Chief Information Security Officer Office. The main responsibility of the team is to reduce the risk from Euroclear's cyber threat surface by monitoring for malicious intent targeted at Euroclear's services, its supporting assets and its people. We do this through the Cyber Threat Management (CTM) capabilities, the Security Operations Centre (SOC), which includes monitoring (Tier 1 & Tier 2) and the Cyber Incident & Response Team (CIRT; Tier 3), the Detection & Response Engineering Team (D&R Eng.), and the Compliance and Assurance Team (C&A). This covers cyber threat intelligence, brand and digital footprint monitoring, security incident and event monitoring, cyber analytics, incident management and forensic analysis. 

    The CDC supports capabilities within the security domain and acts as subject matter expert across all divisions of the company, and interacts with external stakeholders, including customers, oversight bodies, threat intelligence providers, and third parties. 

    The Detection & Response Engineering team consists of: 

    • Detection Engineers/Splunk Developers – who implement and maintain threat detections capabilities.  
    • SOAR developers – who develop response capabilities via playbooks, automation etc.  


    Role 

    Candidates in this role are responsible for the development and maintenance of correlation searches and dashboards on the SIEM (Splunk ES) platform. 

    Candidates will report to the Manager of Detection & Response Engineering and will work jointly with threat intelligence, design, engineering, and response teams, to gather and define requirements, specify clear priorities, evaluate technical tradeoffs, and build and maintain threat detection capabilities. 

    The candidates’ main responsibilities will be to: 

    1. Interact with the different stakeholders to gather and define requirements for the development and testing of threat detection capabilities. 
    2. Cooperate with the log source onboarding team to ensure correct log source onboarding and log mapping to data models according to Splunk best practices. 
    3. Develop, tune and continuously improve correlation rules. 
    4. Develop and maintain dashboards, reports, and alerts. 
    5. Create Splunk knowledge objects to address stakeholders' needs in the context of using Splunk as a security tool. 
    6. Prepare correlation search tests, conduct the tests, and document the evidence showing that the correlation search addresses the scenario described in the use case. 
    7. Create procedures and high-level/low-level documentation, implement processes, and develop staff in relation to SIEM detection logic. 
    8. Coach the team from a technical perspective; review work outputs and provide quality assurance. 
    9. Analyse and identify areas of improvement in existing processes, procedures, and documentation. 
    10. Demonstrate how to use SIEM and Enterprise Security products to both technical and non-technical personnel. 
    11. Provide expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems. 
    12. Prioritise and coordinate the backlog of threat detection requests, maintaining a healthy balance between defect resolution and new features. 
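    To make responsibilities 2, 3 and 6 concrete, the following is an added example of what one such deliverable looks like in Splunk Enterprise Security: a savedsearches.conf stanza defining a CIM-based correlation search that detects password spraying from the accelerated Authentication data model. It is illustrative only and is not Euroclear's code; the stanza name, thresholds (20 failures, 5 distinct accounts), time window, severity and suppression period are assumptions chosen for the example.

```ini
# savedsearches.conf fragment for a Splunk ES correlation search.
# Added example, not Euroclear's content; names, thresholds and window are assumptions.
[Example - Access - Password Spraying From Single Source - Rule]

# Scheduling: run every 15 minutes over the preceding hour, lagging 5 minutes
# so late-arriving events are included in the accelerated summaries.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -65m@m
dispatch.latest_time = -5m@m

# Detection logic over the CIM Authentication data model (tstats, accelerated only).
# summariesonly=true means a log source that is not correctly mapped to the
# data model simply never appears here, so CIM coverage must be verified separately.
search = | tstats summariesonly=true allow_old_summaries=true \
      count \
      dc(Authentication.user) as distinct_users \
      values(Authentication.user) as users \
      min(_time) as firstTime \
      max(_time) as lastTime \
    from datamodel=Authentication.Authentication \
    where Authentication.action="failure" \
    by Authentication.src, Authentication.dest \
  | rename Authentication.* as * \
  | where count >= 20 AND distinct_users >= 5 \
  | convert ctime(firstTime) ctime(lastTime)

# ES settings that turn a scheduled search into a correlation search
# and create a notable event with context for the Tier 1/Tier 2 analyst.
action.correlationsearch.enabled = 1
action.correlationsearch.label = Password Spraying From Single Source
action.notable = 1
action.notable.param.rule_title = Password spraying from $src$ against $dest$
action.notable.param.rule_description = $count$ failed logons for $distinct_users$ distinct accounts from $src$ within one hour
action.notable.param.security_domain = access
action.notable.param.severity = high

# Throttling: at most one notable per src/dest pair per day, so a long-running
# spray does not flood the queue every 15 minutes.
alert.suppress = 1
alert.suppress.fields = src,dest
alert.suppress.period = 86400s
```

    Testing this the way responsibility 6 describes means ingesting constructed failed-logon events (for example 25 failures from one source against 6 accounts inside one hour) into a test index whose sourcetype is tagged into the Authentication data model, running the same SPL with summariesonly=false until acceleration has caught up, and recording the resulting row and notable event as evidence that the search fires for the use case and stays silent for a control set of 10 failures against one account. The onboarding check for responsibility 2 is the coverage query `| tstats count from datamodel=Authentication.Authentication by sourcetype Authentication.action`: a sourcetype that is missing, or that shows only an "unknown" action, is not normalised to CIM and will never reach this detection.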


    Qualifications 


    Technical Skills 

    • In depth experience in development and maintenance of SIEM use cases 
    • Fluent in Splunk’s search processing language (SPL) 
    • Excellent knowledge of Splunk Enterprise and Splunk Enterprise Security 
    • Sound knowledge about Splunk Common Information Model (CIM) and log normalization using Data Models 
    • Strong understanding of cybersecurity technologies, protocols, and applications 
    • Excellent English communication skills (written and oral)  


    Assets 

    • Splunk Core Certified (Advanced) Power User (essential) 
    • Splunk Certified Developer (nice to have) 
    • Splunk Enterprise Certified Admin (nice to have) 
    • Splunk Enterprise Security Certified Admin (nice to have) 
    • Any other Security Certifications (e.g. CEH, GIAC, CISSP, OSCP …)  


    Soft Skills 

    • Strong analytical skills to evaluate complex multivariate problems and find a systematic approach to gain a quick resolution, often under stress. 
    • Strong problem solving, documentation, process execution, time management and organizational skills. 
    • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. 
    • Fast and independent learner, with ambition to self-improve. 
    • At ease in a fast-changing environment, flexible and pragmatic, open-minded 
    • Accurate, acting with attention to details. 
    • Client focus and delivery oriented 
    • A team-focused mentality with ability to work & collaborate effectively in a team environment. 
    • Good leadership and communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills 
    • Able to work autonomously. 



    ABOUT US


    Why join us


    Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have the clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.

     

    WHAT WE OFFER:


    - Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries.

    - Practice your talents in a highly professional international environment.

    - Join a learning and development environment with an emphasis on knowledge sharing and training.

    - Competitive salary and comprehensive benefits.

     

    NEW WAYS OF WORKING


    Find your own optimal balance within our hybrid working model, where you can connect at the office and also benefit from remote working.

     

    GREAT PLACE TO WORK FOR ALL


    We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, ...). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.
