Threat Detection Engineer

Why join us
Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have the clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.
What We Offer:
Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries.
Practice your talents in a highly professional international environment.
Join a learning and development environment with an emphasis on knowledge sharing and training.
Competitive salary and comprehensive benefits.
New ways of working
Find your own optimal balance within our hybrid working model, where you can connect at the office and also benefit from remote working.
Great Place to Work for All
We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, ...). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.
ABOUT THE TEAM As a global critical financial infrastructure, the protection of Euroclear information and assets is fundamental to the companys' business. Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office (CISO) in charge of putting in place the required controls to adequately and effectively protect our information assets.

Technical Skills
In depth experience in development and maintenance of SIEM use cases
Fluent in Splunk’s search processing language (SPL)
Excellent knowledge of Splunk Enterprise and Splunk Enterprise Security
Sound knowledge about Splunk Common Information Model (CIM) and log normalization using Data Models
Strong understanding of cybersecurity technologies, protocols, and applications
Excellent English communication skills (written and oral)
Assets
Splunk Core Certified (Advanced)Power User (essential)
Splunk Certified Developer (nice to have)
Splunk Enterprise Certified Admin (nice to have)
Splunk Enterprise Security Certified Admin (nice to have)
Any other Security Certifications (e.g. CEH, GIAC, CISSP, OSCP …)
Soft Skills
Strong analytical skills to evaluate complex multivariate problems and find a systematic approach to gain a quick resolution, often under stress.
Strong problem solving, documentation, process execution, time management and organizational skills.
Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
Fast and independent learner, with ambition to self-improve.
At ease in a fast-changing environment, flexible and pragmatic, open-minded
Accurate, acting with attention to details.
Client focus and delivery oriented
A team-focused mentality with ability to work & collaborate effectively in a team environment.
Good leadership and communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills
Able to work autonomously.
Why join us
Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have the clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.
What We Offer:
Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries.
Practice your talents in a highly professional international environment.
Join a learning and development environment with an emphasis on knowledge sharing and training.
Competitive salary and comprehensive benefits.
New ways of working
Find your own optimal balance within our hybrid working model, where you can connect at the office and also benefit from remote working.
Great Place to Work for All
We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, ...). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.
ABOUT THE TEAM As a global critical financial infrastructure, the protection of Euroclear information and assets is fundamental to the companys' business. Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office (CISO) in charge of putting in place the required controls to adequately and effectively protect our information assets.
,[Interact with the different stakeholders to gather and define requirements for the development and testing of threat detection capabilities. , Cooperate with log source onboarding team to assure correct log source onboarding and log mapping to data models according to Splunk best practices. , The development and tuning and continuous improvement of correlation rules. , Develop and maintain dashboards, reports, and alerts. , Create Splunk Knowledge Objects to address stakeholders needs in context of using Splunk as security tool. , Prepare correlation search tests, conduct tests, and document evidence from test that shows correlation search addresses scenario described in use case. , Responsible for the creation of procedures, high-level/low-level documentation, implementation of processes and development of staff in relation to SIEM detection logic , Coach a team (from a technical perspective); review work outputs and provide quality assurance. , Analyses and identifies areas of improvement with existing processes, procedures, and documentation. , Demonstrates how to use SIEM & Enterprise Security products to both technical/non-technical personnel. , Provides expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems. , Prioritize and coordinate backlog of threat detection requests, making sure we have a healthy balance between defect resolution and new features. ] Requirements: Splunk, Data models, Protocols, Analytical skills, GIAC, CISSP, OSCP Additionally: International environment, Remote work, Knowledge sharing.