We drive the transformation of the financial markets. That’s why we invest in bright minds, in their ideas, knowledge and development. We do that by combining our best sides.


If you would like to find out why stability makes us so agile, why experience makes us so curious and why empathy makes us so impactful, apply now for the position of

 Senior Detection Engineer

Singapore | working from home up to 60% | Reference 5309


The Threat Detection & Hunting Team works within Line of Defense 1 and is a critical function within SIX. Our mission is to detect potential attackers in our IT infrastructure by developing threat models and using them to build detection methods and proactive hunts. As an ideal candidate you have already gained experience in analyzing host- and network-based intrusion activity. You enjoy researching attacker TTPs and turning that research into high-quality detections. You also have a passion for threat hunting and love to discover new technology. Furthermore, you have advanced knowledge of enterprise Windows and Linux environments and are familiar with the major public cloud platforms and their related security products.


What You Will Do

  • conceptualize, test, and develop threat detection use cases; in particular, you will develop SIEM detection rules capable of correlating logs of various kinds (e.g. host, network traffic, mail data), as well as the IRP (incident response platform) playbooks that guide SOC analysts through the phases of the incident response process
  • design, test, and develop integrations and automation logic among the tools in our technology stack (e.g. cloud security products, SIEM, EDR, IRP) to support the investigation activities of the SOC
  • conceptualize, test, and execute proactive hunts based on host activity and network traffic; you will process threat intelligence reports to develop your hypotheses and use a variety of tools to conduct the hunts

What You Bring

  • at least two out of [1], [2], and [3] 
  • [1] 4-5+ years of hands-on experience as a detection engineer / SOC use case developer creating and tuning custom detection rules; experience with log analysis from multiple sources (e.g. firewall, IDS, endpoints) to identify and investigate security events and anomalies; preferably familiar with SIEM tools such as Sentinel or Elastic
  • [2] 4-5+ years of hands-on experience as a threat hunter researching TTPs and developing enterprise-wide hunts; experience with making the MITRE ATT&CK framework actionable; preferably familiar with EDR tools such as Tanium or Defender for Endpoint
  • [3] 2-3+ years of hands-on experience in scripting and automation; preferably familiar with Cortex XSOAR, REST APIs, Python, GitLab, and Azure DevOps
  • excellent written and verbal communication skills in English to describe security event details and technical analysis to audiences within the cybersecurity organization and other IT teams; a good level of Spanish and/or German is a plus

If you have any questions, please call Jake Browne at +44 207 550 5415.


For this vacancy we only accept direct applications.


Diversity is important to us. Therefore, we look forward to receiving applications regardless of personal background.

What We Offer

Flexible Work Models
We trust our employees and offer a work environment that is well-balanced, productive and fosters success.

Personal Development
You will benefit from a culture of continuous learning and feedback. Your personal growth is supported through an extensive learning offering.

Agile Working Methods
Whether through scrum or design thinking, we solve exciting tasks together in teams.