(H504) - Detection Engineer / Cybersecurity Operations

Job details

Overview: The Detection Engineer will be responsible for assessing and developing threat detection and monitoring capabilities. The role will also focus on leveraging the current solutions available in Siemens Healthineers, as well as participating in structuring and enhancing the detection team functions.

Tasks and Responsibilities:
- Develop use cases, use data analytics techniques, and other detection mechanisms on SIEM and other detection tools.
- Evaluate and prioritize detection capabilities (logs integration, new tools requirements) based on MITRE ATT&CK coverage using threat intelligence feedback.
- Process, analyze, and plan detection mechanisms to detect red team assessments and detection capabilities testing.
- Design new mechanisms to detect and respond to new and existing threats.
- Lead taskforces to provide threats visibility and analysis.
- Assist and cooperate on incident response tasks.
- Perform proactive detection leveraging tools capabilities and internal developments.
- Develop and maintain documentation, playbooks, and procedures for threat triage and response.
- Coach and train security analysts on triage and response tasks.
- Perform investigations and tasks automation.

Qualifications:
- Degree in Computer Science, Engineering, or related fields.
- Experience in threat modelling, specifically using MITRE ATT&CK.
- Knowledge of the current threat landscape and attack vectors.
- Experience in SIEM usage and administration.
- Strong data analytics and exploration skills.
- Solid usage and management experience of EDR/XDR technologies.
- Knowledge of Microsoft security solutions suite (Sentinel, 365 Defender, etc.).
- Knowledge in leveraging other detection tools such as IDS/IPS, Firewalls, proxies, etc.
- Knowledge of Public/Hybrid cloud infrastructures.
- Prior engagement in threat response scenarios.
- Programming abilities (Python / shell scripting / cloud automations).

Additionally:
- MSc in Cybersecurity or equivalent is desired.
- 5+ years of experience in SOC/detection and response/Incident Response/technical security departments.
- Relevant industry certifications or courses such as SANS/GIAC (for example, GCIA, GCIH, GNFA, GCFA), CompTIA Security+, CISSP are desirable.

Personality Traits:
- Communication skills to speak with confidence and ownership mindset to different international stakeholders, e.g., service providers, internal customers & IT groups.
- Negotiation skills and ability to set and track priorities and deadlines.
- Able to work on a very tight schedule while keeping track of tasks progress and deadlines.
- Team player but also able to work on an individual basis.
- Skills in leading small teams or projects in a security environment.
- Self-learning and curiosity to keep pace with the ever-evolving cybersecurity developments are highly appreciated.
- Advanced English and communication skills: clear and concise communication; able to address stakeholders of different backgrounds and technical expertise.

Soft Skills SLF Requirements:
- Collaboration & Customer Orientation (++).
- Intercultural Sensitivity (+).
- Team Development (+).
- Ability to multi-task and handle multiple assignments simultaneously while focusing on delivery quality (++).
- Ability to use initiative when needed (self-motivation and proactive attitude) (++).
- Excellent communication skills (both written and verbal) in English (++).
- Quick learner and aptitude to get into new technologies and architectures (++).


Nominal salary: To be agreed

Source: Jobleads

