Threat Detection Engineer - Splunk Developer at Euroclear SANV UK Branch
Poland
Full Time


Start Date

Immediate

Expiry Date

13 May, 26

Salary

0.0

Posted On

12 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Splunk, SIEM, Threat Detection, Correlation Searches, MITRE ATT&CK, Telemetry, JSON, Security Engineering, Documentation, Collaboration, Analytical Skills, Problem Solving, Continuous Improvement, Field Extraction, Adversary Simulation, Automation

Industry

Financial Services

Description
Division: Chief Information Security Office (CISO)

As a global critical financial infrastructure, the protection of Euroclear information and assets is fundamental to the company's business. Information Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office, in charge of putting in place the required controls to adequately and effectively protect our information assets.

Your role

In your role as Threat Detection & Response Engineering Splunk Developer, you are responsible for the development and maintenance of correlation searches and dashboards on the SIEM (Splunk ES) platform. You will report to the Manager of Detection & Response Engineering and will work jointly with threat intelligence, design, engineering and response teams to gather and define requirements, specify clear priorities, evaluate technical trade-offs, and build and maintain threat detection capabilities.

The Detection & Response Engineering team is comprised of:
- Detection/Security Engineers, who implement and maintain threat detections.
- SOAR Engineers, who develop responses such as playbooks, automations, etc.

Your responsibilities & duties
- Collaborate with key stakeholders (Threat Intelligence, SOC, engineering teams) to gather requirements and translate threat scenarios into actionable detection use cases.
- Design, develop, tune, and continuously improve Splunk ES correlation searches aligned with MITRE ATT&CK techniques and Euroclear threat models.
- Validate detections through structured testing, evidence collection, and adversary simulation tooling, refining logic based on test results and behavioral accuracy.
- Perform false-positive analysis, baseline creation, and high-fidelity tuning to maintain actionable and reliable detection signals.
- Maintain clear, structured documentation for detection logic, testing procedures, ATT&CK mapping, and operational deployment guidelines.
- Conduct coverage gap assessments, maintain the detection inventory, and contribute to ATT&CK-based coverage reporting and maturity tracking.
- Perform peer reviews of detection content to ensure quality, consistency, and adherence to detection engineering standards.
- Implement and optimize Splunk ES features such as correlation search patterns, notable events, and risk-based alerting (RBA).
- Work closely with the log onboarding team to ensure high-quality telemetry, correct field extractions, CIM compliance, and accurate Data Model mapping.
- Identify and implement improvements to detection workflows, telemetry quality, and the overall detection engineering lifecycle.

Your qualifications required
- Proven expertise across the full SIEM detection engineering lifecycle, including hypothesis-driven detection design, structured testing, validation, false-positive reduction, operational deployment, and continuous refinement.
- In-depth knowledge of key security telemetry sources, including Windows Event Logs, Sysmon, Linux audit logs, firewall and proxy logs, cloud security logs, and EDR telemetry.
- Advanced SPL proficiency with deep understanding of the Splunk Common Information Model (CIM), Data Models, and performance optimization (search acceleration, summary indexing, Data Model acceleration).
- Experience applying the MITRE ATT&CK framework for behavior-based detection design, threat mapping, and coverage analysis.
- Hands-on experience with data onboarding quality assurance, including field extraction verification, CIM compliance testing, sample-based validation, and ensuring schema correctness across log sources.
- Ability to work with deeply nested JSON telemetry and complex field structures.
- Strong foundational understanding of network, endpoint, and cloud security concepts relevant to detection engineering.

Will be considered an asset
- Splunk certifications such as Splunk Core Certified Power User, Splunk Certified Developer, Splunk Enterprise Certified Admin, Splunk Enterprise Security Certified Admin.
- Any other security certifications (GIAC GCDA (Detection & Analysis), GIAC GMON (Monitoring & SIEM), threat hunting-oriented certifications).
- Familiarity with Git-based version control and CI/CD pipelines supporting detection-as-code workflows.
- Experience with adversary simulation and automated detection validation tools (e.g., Atomic Red Team, Splunk Attack Range, MITRE CALDERA, AttackIQ).
- Exposure to purple teaming, threat hunting, or attack path analysis.

Soft Skills
- Excellent English communication skills (written and oral), with the ability to clearly articulate complex technical concepts to both technical and non-technical audiences.
- Strong analytical and critical-thinking abilities, capable of breaking down complex problems and identifying systematic, high-quality solutions under time pressure.
- Structured problem-solving approach applied to troubleshooting, validation, and continuous improvement of detection logic.
- Collaborative and open-minded mindset, able to work effectively with SOC, Threat Intelligence, engineering, and platform teams.
- High level of autonomy, with the ability to manage priorities and deliver well-engineered detections within agreed timelines.
- Fast and independent learner with a strong drive for self-improvement and staying current with evolving threats and detection techniques.
- Strong attention to detail, ensuring accuracy in detection logic, documentation, and validation activities.
- Solid documentation and workflow discipline, supporting consistent, repeatable, and high-quality detection engineering processes.
- Adaptable and pragmatic, comfortable working in fast-changing environments and handling ambiguity in telemetry or threat scenarios.
ABOUT US

Why Join Us

Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have a clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.

What We Offer
- Work closely with inspiring, supportive, and engaged colleagues from more than 80 different countries.
- Practice your talents in a highly professional international environment.
- Join a learning and development environment with an emphasis on knowledge sharing and training.
- Competitive salary and comprehensive benefits.

New Ways of Working

Find your own optimal balance within our hybrid working model, where you can connect at the office and at the same time benefit from remote working.

Great Place to Work for All

We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, ...). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.

About the team

The Cyber Defence Centre provides continuous identification, monitoring and response to threats to the Euroclear infrastructure, applications and data. It is designed as the last line of defence for the organisation, in the event that actors, both internal and external, have penetrated our preventative cyber controls with malicious intent.

Responsibilities
The Threat Detection Engineer is responsible for developing and maintaining correlation searches and dashboards on the Splunk ES platform. They will collaborate with various teams to gather requirements and build threat detection capabilities.