As a part of the Detection and Response Engineering and Onboarding team, you will deliver end-to-end detection engineering expertise.
You will lead detection-focused threat hunts, research threat actors and their techniques, and be responsible for developing, testing, and maintaining detection logic across SIEM and EDR technologies.
You will also support projects and business-as-usual (BAU) uplift initiatives that improve our detection capabilities.
Your key responsibilities will include:
- Leading detection threat hunts based on threat intelligence and ongoing red/purple team engagements, to validate existing security controls and custom detections and to inform future detection engineering activities
- Leveraging technologies such as Splunk Enterprise Security (especially Risk Based Alerting), Microsoft Defender for Endpoint and AttackIQ to develop, test, deploy and maintain custom detections
- Working collaboratively across the broader Detection & Response teams and project teams to improve our detection capabilities and our processes
- From time to time, contributing to active incidents

What is in it for me?
You will play an important and significant part in the future of a business that has been around for 200 years.
Our vision is to become one of the world's great service companies.
So, we will back you in the development of your career, with internal career prospects and flexible working.
You will also be backed by a fantastic team of people in a can-do, supportive structure.
What do I need?
As the successful candidate, your experience will ideally come from a SOC environment and/or a detection engineering role.
You will have a working understanding of the detection engineering lifecycle, from research and development through testing, deployment, and maintenance of detection logic.
- Intermediate experience with Splunk Enterprise Security and its components (Splunk RBA, Splunk Threat Intelligence Framework, etc.)
- Intermediate experience with Microsoft 365 Defender and Azure Sentinel is highly desirable, including developing KQL for custom detection rules and configuring policies
- Intermediate experience with AttackIQ and scripting attacker techniques
- Understanding of security architecture and controls, their capabilities, and their limitations
- Awareness of major cyber threats in the global landscape, and of threat actors and their tactics, techniques, and procedures (TTPs)
- Awareness of cyber security frameworks such as the Cyber Kill Chain, MITRE ATT&CK and MITRE D3FEND
You will also be responsible for producing clear and concise documentation for both technical and non-technical stakeholders.
This role requires strong communication skills and the ability to work collaboratively with other teams and project teams, as well as independently. Relevant qualifications, such as a degree in cyber security or Splunk and/or Microsoft security certifications, are also welcomed.
By clicking 'apply', you give your express consent that Robert Half may use your personal information to process your job application and to contact you from time to time for future employment opportunities.
For further information on how Robert Half processes your personal information and how to access and correct your information, please read the Robert Half privacy notice at https://www.roberthalf.com/au/en/privacy
Please do not submit any sensitive personal data to us in your resume (such as government ID numbers, ethnicity, gender, religion, marital status or trade union membership) as we do not collect your sensitive personal data at this time.