The Mercedes-Benz AG Group CISO heads Mercedes-Benz’s Global Cyber Security Department (based in Stuttgart, Germany). We are looking for a Cyber Security SIEM Use-Case Engineer to join our Cyber Intelligence and Response Centre (CIRC). This role is crucial for the engineering, development, and continuous improvement of threat detection use-cases within our SIEM. You will also be involved in engineering and developing custom rules to detect potential threats swiftly, and in creating transparency by mapping existing detection capabilities to the MITRE ATT&CK framework.
Key Responsibilities:
- Proactively create, test, and tune new detection use-cases in the SIEM
- Review and enhance existing detection use-cases using Machine Learning or User & Entity Behaviour Analytics (UEBA).
- Map detection use-cases to the MITRE ATT&CK framework to assess SIEM monitoring coverage.
- Regularly update threat detection engineering playbooks, processes, and documentation.
- Collaborate closely with the SOC to challenge and improve detection and prevention capabilities.
- Identify and implement SIEM use-cases to address blind spots.
- Coordinate with the log onboarding team and SIEM architect to validate new log sources for compliance and improve SIEM backend performance.
- Collaborate with the Service Operations team to address challenges, process fulfilment, documentation, and the improvement of Service Operations quality.
- Provide governance on topics related to operational stability.
Join us to play a pivotal role in enhancing our cyber security measures and protecting our global operations.
QUALIFICATIONS
Specific Knowledge
- In-depth knowledge of Splunk Enterprise Security (ES)
- In-depth knowledge of developing and tuning detection use-cases (correlation searches) in Splunk based on data models
- Experience with machine learning and risk-based monitoring in Splunk is an advantage
- Ability to analyse and interpret security logs and events to identify potential threats and attack patterns
- Experience validating data source compliance with the Splunk Common Information Model (CIM)
- Experience setting up and using data models in Splunk
- Deep understanding of cyber security concepts in order to create detection use-cases targeting the various phases of the attack lifecycle
- Understanding of the MITRE ATT&CK framework and of detections for its various tactics and techniques
- Experience creating interactive dashboards, alerts, and reports in Splunk
Experience
- Degree from a reputable university, or significant coursework, in Computer Science, Networking, Engineering or another computer-related field of study.
- At least 3 years of experience with demonstrable skills in SIEM use-case engineering, and over 5 years of experience in cybersecurity
- Previous relevant experience working in a security operations role, ideally within a corporate, military, or police environment, engaging with and responding to a diverse array of internal stakeholders, including senior management
- Good emotional intelligence and a proven team player
- Rational and calm under pressure
- Fluency in the English language
- Effective oral and written communication skills
- Good time management, able to cope with tight deadlines and achieve operational objectives
- Self-motivated with the ability to carry out assigned tasks with minimum supervision
This position is based in Singapore. A valid and approved work visa is required for employment in Singapore in accordance with local labour law regulations. We regret to inform you that only shortlisted candidates will be notified.