Role Description

As a Threat Detection Engineer, you will be a key member of a high-performing team responsible for security detection and monitoring capabilities and strategy.
The team works to proactively prevent, detect and respond to threats before they impact SMBC.
This position includes mastery of a wide range of security detection and monitoring technologies (both cloud and on-premise) with a focus on ensuring optimal performance, building out new detection and coverage capabilities, and maintaining continuous monitoring and tuning.
The successful candidate will execute detection engineering with minimal guidance.
Role Objectives

• Develop and maintain efficient data ingestion pipelines for collecting security-related data from various sources (both cloud and on-premise).
• Liaise with the threat intelligence team to proactively develop new detection rules and strategies, and incorporate indicators of compromise into detection mechanisms.
• Utilize cutting-edge security tools, threat intelligence feeds, and advanced analytics to monitor and detect cyber threats targeting the bank's infrastructure and digital assets.
• Collaborate closely with security analysts, incident responders, and other cross-functional teams to swiftly investigate and mitigate identified threats, minimizing potential impact.
• Develop and fine-tune detection rules, signatures, and behavioral patterns to enhance the bank's ability to identify anomalous and malicious activities.
• Stay informed about the latest cyber threats, attack methodologies, and vulnerabilities to ensure the bank remains resilient against evolving risks.
• Collaborate with internal teams to ensure security measures are seamlessly integrated into new projects, systems, and applications.
• Contribute to the continuous improvement of security monitoring processes and technologies to enhance the bank's ability to detect and respond to threats in real time.
• Apply in-depth knowledge of cloud environments, including log aggregation configured via infrastructure as code.
• Continuously fine-tune and optimize detection rules and algorithms to reduce false positives and enhance the accuracy of alerts.
• Ensure that threat detection mechanisms align with compliance standards and frameworks.
• Maintain and create documentation in support of detection and response capabilities and processes.
• Assess the effectiveness of cybersecurity measures.
Qualifications and Skills

• 3+ years of relevant experience
• Experience with log analysis from multiple sources
• Automation skills
• Experience with cloud SIEM, UEBA, EDR and/or other detection technologies
• Ability to use logic and reasoning to identify solutions and improvements to manual or inefficient processes and tasks
• Experience building detection-as-code pipelines
• Experience mapping detections to the MITRE ATT&CK framework
• Expertise in query languages
• Strong troubleshooting ability
• Ability to balance operational tasks with project work
• Expertise in Windows and Linux operating systems
• Ability to translate threat intelligence into actionable detection logic
• Experience in other areas of cyber security is an advantage
• Ability to work effectively and collaboratively in a global team environment
• Strong sense of self-ownership and attention to detail