Threat Detection Engineer - Splunk Developer

Division: CISO

Cyber Defense Center is part of the Chief Information Security Officer Office. The main responsibility of the team is to reduce the risk of Euroclear cyber threat surface by monitoring for malicious intent targeted at Euroclear’s services, it’s supporting assets and people. We do this through the Cyber Threat Management (CTM) capabilities, Security Operations Centre (SOC) which includes monitoring (Tier 1 & Tier 2) and Cyber Incident & Response Team (CIRT; Tier 3), Detection & Response Engineering Team (D&R Eng.), and Compliance and Assurance Team (C&A). This includes cyber threat intelligence, brand and digital footprint monitoring, security incident and event monitoring, cyber analytics, incident management and forensic analysis. 

CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company as well as interacts with external stake holders, including customers, oversight bodies, threat intelligence providers, and third parties. 

The Detection & Response Engineering team is comprised of –  

• Detection Engineers/Splunk Developers – who implement and maintain threat detections capabilities.  
• SOAR developers – who develop response capabilities via playbooks, automation etc.  

Role 

Candidates in this role are responsible for the development and maintenance of correlation searches and dashboards on the SIEM (Splunk ES) platform. 

Candidates will report to the Manager of Detection & Response Engineering and will work jointly with threat intelligence, design, engineering, and response teams, to gather and define requirements, specify clear priorities, evaluate technical tradeoffs, and build and maintain threat detection capabilities. 

The candidates’ main responsibilities will be to: 

1. Interact with the different stakeholders to gatherand define requirements for the development and testing of threat detection capabilities. 
2. Cooperate with log source onboarding team to assure correct log source onboarding and log mapping to data models according to Splunk best practices. 
3. The development and tuning and continuous improvement of correlation rules. 
4. Develop and maintain dashboards, reports, and alerts. 
5. Create Splunk Knowledge Objects to address stakeholders needs in context of using Splunk as security tool. 
6. Prepare correlation search tests, conduct tests, and document evidence from test that shows correlation search addresses scenario described in use case. 
7. Responsible for the creation of procedures, high-level/low-level documentation, implementation of processes and development of staff in relation to SIEM detection logic 
8. Coach a team (from a technical perspective); review work outputs and provide quality assurance. 
9. Analyses and identifies areas of improvement with existing processes, procedures, and documentation. 
10. Demonstrates how to use SIEM & Enterprise Security products to both technical/non-technical personnel. 
11. Provides expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems. 
12. Prioritize and coordinate backlog of threat detection requests, making sure we have a healthy balance between defect resolution and new features. 

Qualifications 

Technical Skills 

• In depth experience in development and maintenance of SIEM use cases 
• Fluent in Splunk’s search processing language (SPL) 
• Excellent knowledge of Splunk Enterprise and Splunk Enterprise Security 
• Sound knowledge about Splunk Common Information Model (CIM) and log normalization using Data Models 
• Strong understanding of cybersecurity technologies, protocols, and applications 
• Excellent English communication skills (written and oral)  

Assets 

• Splunk Core Certified (Advanced)Power User (essential) 
• Splunk Certified Developer (nice to have) 
• Splunk Enterprise Certified Admin (nice to have) 
• Splunk Enterprise Security Certified Admin (nice to have) 
• Any other Security Certifications (e.g. CEH, GIAC, CISSP, OSCP …)  

Soft Skills 

• Strong analytical skills to evaluate complex multivariate problems and find a systematic approach to gain a quick resolution, often under stress. 
• Strong problem solving, documentation, process execution, time management and organizational skills. 
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. 
• Fast and independent learner, with ambition to self-improve. 
• At ease in a fast-changing environment, flexible and pragmatic, open-minded 
• Accurate, acting with attention to details. 
• Client focus and delivery oriented 
• A team-focused mentality with ability to work & collaborate effectively in a team environment. 
• Good leadership and communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills 
• Able to work autonomously. 

ABOUT US

Why join us

Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have the clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.

WHAT WE OFFER:

- Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries.

- Practice your talents in a highly professional international environment.

- Join a learning and development environment with an emphasis on knowledge sharing and training.

- Competitive salary and comprehensive benefits.

NEW WAYS OF WORKING

Find your own optimal balance within our hybrid working model, where you can connect at the office and also benefit from remote working.

GREAT PLACE TO WORK FOR ALL

We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, ...). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.