
Job Title


Cybersecurity SIEM Usecase Engineer


Company : TECONICA SOFTWARES


Location : Toronto, Toronto


Created : 2026-01-29


Job Type : Full Time


Job Description

Key Responsibilities

- Proactively Create & Tune Detection Use-Cases (40%): Design, develop, test, and optimize new detection use-cases in the SIEM environment. Ensure detection rules are effective, efficient, and minimize false positives while maintaining high-fidelity threat detection.
- Review & Enhance Existing Detections (10%): Evaluate current detection use-cases and implement improvements using Machine Learning, User & Entity Behaviour Analytics (UEBA), and advanced analytics techniques.
- MITRE ATT&CK Framework Mapping (10%): Map detection use-cases to the MITRE ATT&CK framework to assess coverage gaps, identify blind spots, and ensure comprehensive threat detection across attack lifecycle phases.
- Maintain Detection Engineering Documentation (10%): Regularly update threat detection playbooks, processes, standard operating procedures, and technical documentation to reflect the current threat landscape and organizational changes.
- Collaborate with SOC Team (10%): Work closely with SOC analysts and incident responders to challenge, validate, and continuously improve detection and prevention capabilities based on operational feedback.
- Identify & Implement Use-Case Improvements (5%): Proactively identify gaps in SIEM coverage and implement targeted use-cases to address blind spots and emerging threats.
- Coordinate Log Onboarding & Data Validation (5%): Partner with log onboarding and SIEM architecture teams to validate new data sources for compliance with the Common Information Model (CIM) and optimize SIEM backend performance.
- Support Service Operations (5%): Collaborate with Service Operations to address operational challenges, ensure process compliance, improve documentation, and drive continuous quality improvements.
- Provide Governance & Operational Stability (5%): Contribute to governance initiatives related to operational stability, security standards, and best practices.

Required Qualifications

Education & Certifications
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related field from a recognized institution; OR equivalent professional experience demonstrating advanced technical competency
- One or more of the following certifications: CISSP, SANS GIAC Continuous Monitoring (GMON), SANS Security Essentials (GSEC), SANS GIAC Defending Advanced Threats (GDAT), Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or equivalent

Professional Experience
- Minimum 3 years of hands-on experience in SIEM use-case engineering with demonstrable technical achievements
- Minimum 5 years of overall cybersecurity experience in defensive security operations
- Proven experience working in a corporate Security Operations Centre (SOC) or similar security operational environment
- Experience engaging with diverse internal stakeholders, including senior management and technical teams
- Strong background in infrastructure and network technology fundamentals

Technical Skills & Knowledge
- Expert-level proficiency with the Splunk Enterprise Security (ES) platform
- Advanced experience developing and tuning detection use-cases (Correlation Searches) based on Splunk Data Models
- Strong ability to analyze and interpret security logs and events to identify threats and attack patterns
- Experience validating data sources for compliance with the Common Information Model (CIM)
- Proficiency in setting up, configuring, and utilizing Splunk Data Models
- Deep understanding of cybersecurity concepts and attack lifecycle phases
- Solid knowledge of the MITRE ATT&CK framework and the ability to map detections to tactics and techniques
- Capability to create interactive dashboards, alerts, and reports in Splunk
- Experience with Machine Learning and Risk-Based Monitoring in Splunk (advantageous)
- Familiarity with SIEM architecture and backend optimization