Splunk Detection Engineer - Threat & Detection — Melbourne, Melbourne Region

Expired

6 months contract working for a financial services organisation Launch are working with a financial services organisation to help bolster their threat and detection team. Working on an initial 6 month contract. Location: Melbourne Role and Responsibilities Develop and maintain cyber threat detection and hunting capabilities across the business. Actively research, innovate and uplift in the areas of threat detection and hunting.​ Develop and maintain attack & use case models against the environment and ​systems for the purposes of detection and monitoring use cases.​ Build and maintain continuous validation and assurance of the detection and hunting​ ​ Maximise detection visibility, coverage, and return-on-investment to maintain a ​defensible architecture across the business.​ Develop threat/attack models to depict and model detection of known attack vectors.​ Work with Threat Intelligence, Incident Response and Cyber Orchestration teams to ​prioritise and develop detection and orchestration capability.​ Work with the Red Team to actively test and validate detection capabilities.​ Experience 5 years of experience in a CSOC, Cyber detection, Threat Hunting and/or SOAR development role. 5 years developing detections within a SIEM environment (such as Splunk ES). 2 years experience working with Splunk. Experience working with security tools such as endpoint detection and response systems, network anomaly detection etc, Experience working with cloud and SaaS environments (AWS, Azure, M365, Entra ID, etc) and awareness of threats impacting them. Designing and implementing threat/attack modelling to derive abuse cases, detection logic and automation course of actions. Ability to think like an adversary/threat actor. Well versed in the development of detection and hunting strategies for a broad range of cyber threats, including malware, DDOS, hacking, phishing, lateral movement and data exfiltration in the Financial Services sector or similar. Working in large/complex environments. Good consulting and stakeholder management, Pro-active & energetic work ethic. Participation or experience in penetration testing / red teaming exercises, including network, infrastructure and application exploitation would be a plus. Knowledge of the following frameworks: NIST Cybersecurity framework MITRE ATT&CK Lockheed Martin Cyber Kill Chain™ or similar methodologies If you are interested, please do reach out to Sophie Garrison: Cyber Security Lead: sgarrisonlaunchrecruitment.com.au