
2025-05-16 15:22:05

Baker Hughes

Cyber Threat Detection Engineer

experienced

Splunk SPL

Microsoft KQL



Salary

Not mentioned


Experience

1 - 3 years


Location

Mumbai, India

Job Description


In this role, you will assist in designing, developing, and tuning security detections to identify potential threats targeting our enterprise IT & OT environments. You will work primarily with Splunk SIEM and a variety of data sources to ensure effective monitoring and alerting across endpoints, networks, and applications. This is an excellent opportunity to grow your skills in cybersecurity engineering, threat detection, and security analytics while collaborating with experienced analysts, threat hunters, and incident responders.


You will also be responsible for:

Detection Engineering & Development

• Assisting in creating, testing, and deploying security detection rules and use cases in Splunk SIEM.

• Developing queries using Splunk Search Processing Language (SPL) to identify suspicious activities and potential threats.

• Participating in tuning existing alerts to minimize false positives and improve detection accuracy.

• Supporting the creation of detection logic aligned to frameworks such as MITRE ATT&CK and industry best practices.


Security Monitoring & Threat Analysis

• Monitoring security alerts and reports to validate detection performance and identify areas for improvement.

• Conducting basic threat analysis to understand attack patterns and adversary behaviors.

• Collaborating with incident response and threat hunting teams to refine detections based on real-world incidents and emerging threats.


Data Integration & Enrichment

• Assisting in onboarding and validating new log sources into Splunk.

• Supporting enrichment of detection logic with threat intelligence feeds, asset context, and other relevant data points.


Collaboration & Documentation

• Working closely with senior detection engineers, security analysts, and IT teams.

• Documenting detection logic, use case requirements, tuning procedures, and validation results.

• Participating in security operations process improvement initiatives.



Fuel your passion

To be successful in this role you will:

  1. Have a bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field with 1-3 years of professional experience.
  2. Have a foundational understanding of SIEM concepts and security monitoring principles.
  3. Be familiar with Splunk SPL, Microsoft KQL and the fundamentals of writing security queries.
  4. Have a basic understanding of common attack techniques (e.g., malware, phishing, privilege escalation, lateral movement).
  5. Have strong analytical and problem-solving skills.
  6. Have hands-on experience with Splunk in a lab, academic, or professional environment.
  7. Have exposure to MITRE ATT&CK or similar frameworks for classifying adversary behaviors.
  8. Have any relevant cybersecurity certifications (e.g., CompTIA Security+, Splunk Core Certified User, SSCP).
  9. Have knowledge of scripting languages such as PowerShell or Python for data manipulation or automation.
  10. Have an interest or coursework in detection engineering, threat hunting, or incident response.
  11. Be eager to learn and grow in the field of cybersecurity.
  12. Be detail-oriented with a methodical approach to solving technical problems.
  13. Be able to work independently and collaboratively in a fast-paced team environment.
  14. Have a passion for cybersecurity, continuous learning, and proactive defense strategies.


Qualifications :

Not mentioned

Skills :

Splunk SPL, Microsoft KQL and the fundamentals of writing security queries.

Department :

Engineering and Information Technology

Industry :

IT Services & Consulting

Job Type :

Full-time
