Threat Detection Engineer - Splunk Developer
📍 Kraków ⭐ Unknown 📄 other
Salary range not disclosed
🗂 Offer details
Location: Kraków
Work mode: not specified
Employment type: not specified
Experience: Unknown
Contract type: Other
Category: IT
📝 Main description / Introduction
JOB DESCRIPTION
Division: Chief Information Security Office (CISO)
As a global critical financial infrastructure, the protection of Euroclear information and assets is fundamental to the company's business. Information Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office, which is in charge of putting in place the controls required to adequately and effectively protect our information assets.
Your role
In your role as Threat Detection & Response Engineering Splunk Developer, you are responsible for the development and maintenance of correlation searches and dashboards on the SIEM (Splunk ES) platform.
You will report to the Manager of Detection & Response Engineering and will work jointly with threat intelligence, design, engineering and response teams, to gather and define requirements, specify clear priorities, evaluate technical trade-offs, and build and maintain threat detection capabilities.
The Detection & Response Engineering team is composed of:
- Detection/Security Engineers – who implement and maintain threat detections.
- SOAR Engineers – who develop responses such as playbooks, automations etc.
Your responsibilities
- Collaborate with key stakeholders (Threat Intelligence, SOC, engineering teams) to gather requirements and translate threat scenarios into actionable detection use cases.
- Design, develop, tune, and continuously improve Splunk ES correlation searches aligned with MITRE ATT&CK techniques and Euroclear threat models.
- Validate detections through structured testing, evidence collection, and adversary simulation tooling, refining logic based on test results and behavioral accuracy.
- Perform false‑positive analysis, baseline creation, and high‑fidelity tuning to maintain actionable and reliable detection signals.
- Maintain clear, structured documentation for detection logic, testing procedures, ATT&CK mapping, and operational deployment guidelines.
- Conduct coverage gap assessments, maintain the detection inventory, and contribute to ATT&CK‑based coverage reporting and maturity tracking.
- Perform peer reviews of detection content to ensure quality, consistency, and adherence to detection engineering standards.
- Implement and optimize Splunk ES features such as correlation search patterns, notable events, and risk‑based alerting (RBA).
- Work closely with the log onboarding team to ensure high‑quality telemetry, correct field extractions, CIM compliance, and accurate Data Model mapping.
- Identify and implement improvements to detection workflows, telemetry quality, and the overall detection engineering lifecycle.
Your profile
- Proven expertise across the full SIEM detection engineering lifecycle, including hypothesis‑driven detection design, structured testing, validation, false‑positive reduction, operational deployment, and continuous refinement.
- In‑depth knowledge of key security telemetry sources, including Windows Event Logs, Sysmon, Linux audit logs, firewall and proxy logs, cloud security logs, and EDR telemetry.
- Advanced SPL proficiency with deep understanding of the Splunk Common Information Model (CIM), Data Models, and performance optimization (search acceleration, summary indexing, Data Model acceleration).
- Experience applying the MITRE ATT&CK framework for behavior‑based detection design, threat mapping, and coverage analysis.
- Hands‑on experience with data onboarding quality assurance, including field extraction verification, CIM compliance testing, sample‑based validation, and ensuring schema correctness across log sources.
- Ability to work with deeply nested JSON telemetry and complex field structures.
- Strong foundational understanding of network, endpoint, and cloud security concepts relevant to detection engineering.
- Splunk certifications such as Splunk Core Certified Power User, Splunk Certified Developer, Splunk Enterprise Certified Admin or Splunk Enterprise Security Certified Admin.
- Other security certifications, such as GIAC GCDA (Detection & Analysis), GIAC GMON (Monitoring & SIEM) or threat hunting–oriented certifications.
- Familiarity with Git‑based version control and CI/CD pipelines supporting detection‑as‑code workflows.
- Experience with adversary simulation and automated detection validation tools (e.g., Atomic Red Team, Splunk Attack Range, MITRE CALDERA, AttackIQ).
- Exposure to purple teaming, threat hunting, or attack path analysis.
- Excellent English communication skills (written and oral), with the ability to clearly articulate complex technical concepts to both technical and non‑technical audiences.
- Strong analytical and critical‑thinking abilities, capable of breaking down complex problems and identifying systematic, high‑quality solutions under time pressure.
- Structured problem‑solving approach applied to troubleshooting, validation, and continuous improvement of detection logic.
- Collaborative and open‑minded mindset, able to work effectively with SOC, Threat Intelligence, engineering, and platform teams.
- High level of autonomy, with the ability to manage priorities and deliver well‑engineered detections within agreed timelines.
- Fast and independent learner with a strong drive for self‑improvement and staying current with evolving threats and detection techniques.
- Strong attention to detail, ensuring accuracy in detection logic, documentation, and validation activities.
- Solid documentation and workflow discipline, supporting consistent, repeatable, and high‑quality detection engineering processes.
- Adaptable and pragmatic, comfortable working in fast‑changing environments and handling ambiguity in telemetry or threat scenarios.
Why Join Us
Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have a clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.
📡 Listing metadata
Source: linkedin
Slug / ID: krakow-threat-detection-engineer-splunk-developer-euroclear-d52559
Published: 27 March 2026
Expires: not specified
Ingested: 27 March 2026