Senior Cyber Detect Engineer - Bengaluru, India - Maersk

Description

Job Purpose/summary

A Detection and Automation engineer is responsible for identifying potential security threats and automating the processes that detect and respond to these threats. Their role typically involves a combination of monitoring, analysis, and the implementation of automated systems to enhance the efficiency and effectiveness of an organization's cybersecurity measures. They will help with the deployment, configuration, maintenance, and support our internal business critical systems. Look after services Lifecycle management (development, build, maintenance, and improvement) of the end to end / full-stack cyber security logging & monitoring platform. Supporting the business to transition to a more flexible, scalable approach that supports a distributed workforce and hybrid working mode.

Key responsibilities

·Threat Detection:

o Monitoring: reviewing networks, systems, and applications via the logs/ data received for signs of security breaches or unusual activities/ trends.

o Develop and implement threat detection mechanisms across multiple platforms, including SIEM, EDR, XDR, and Deception tooling.

o Regularly test and validate detection logic and triggers to ensure accuracy and reliability.

o Analysis: Analyse security alerts and logs to identify potential threats and vulnerabilities to build out use cases and playbooks and to reduce the manual effort of investigating them.

o Incident Response: Collaborate with incident response teams to investigate and mitigate security incidents.

·Automation:

o Scripting and Tools Development: Develop and implement scripts and tools to automate repetitive tasks related to threat detection and incident response. o Integration: Integrate security tools and platforms (like SIEMs, IDS/IPS, firewalls) to streamline detection and response workflows.

o Playbooks: Create and maintain automated response playbooks to standardize and accelerate incident handling processes.

·Security Operations:

o SIEM Management: Manage Security Information and Event Management (SIEM) systems to ensure effective collection, correlation, and analysis of security data.

o Rule Tuning: Continuously fine-tune detection rules and signatures to reduce false positives and enhance detection accuracy.

o Threat Intelligence: Utilize threat intelligence feeds to stay updated on emerging threats and adapt detection mechanisms accordingly.

o XDR: Manage and ensure effective playbooks are in place to drive mundane activities.

o EDR: Manage and maintain detections from the EDR platform to ensure aggregation and automation is driven via XDR.

o Testing: Ensuring that simulations and testing against all detections are done quarterly to ensure all are still fit for purpose.

· Collaboration and Communication:

o Team Coordination: Work closely with other cybersecurity professionals, such as threat hunters, incident responders, and security engineers.

o Reporting: Provide detailed reports on security incidents, detection performance, and the effectiveness of automated processes.

Primary internal stakeholders

·Detect engineering team

· Manager of Detect Engineering

· Capability and Strategy owners

Primary external stakeholders

· Vendors

· Cyber Operations Engineering teams

Required experience & skills

· Technical Proficiency:

o Knowledge of Security Tools: Proficient with security tools such as SIEM, IDS/IPS, EDR, and firewalls. XDR advantageous.

o Programming and Scripting: Skilled in scripting languages like Python, Bash, or PowerShell for automation tasks.

o Networking and Systems: Understanding of network protocols, operating systems, and common IT infrastructure.

·Analytical Skills:

o Threat Analysis: Ability to analyse complex security data and logs to identify patterns indicative of security threats.

o Problem-Solving: Strong problem-solving skills to develop effective detection and automation solutions.

·Attention to Detail:

o Accuracy: Meticulous attention to detail to ensure accurate threat detection and efficient automation processes.

o Continuous Improvement: Commitment to continuously improving detection mechanisms and automation workflows.

·Soft Skills:

o Communication: Effective communication skills to convey technical information to non-technical stakeholders and document processes clearly. o Collaboration: Ability to work collaboratively within a team and across departments.

Experience & Qualifications :

Typically, a Detection and Automation Engineer has a background in cybersecurity, computer science, or a related field. Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or SANS GIAC certifications can be advantageous. Practical experience with security operations, incident response, and automation tools is highly valued. In summary, a Detection and Automation Analyst plays a crucial role in enhancing an organization's cybersecurity posture by leveraging automation to improve the efficiency and effectiveness of threat detection and response processes.

At Maersk, we're building a culture where everyone can feel at home. We don't just work across continents, we work across different genders, generations, cultures, sexual orientations, religions, disabilities and perspectives. Together, we succeed as one global team. We want to encourage innovation and empower our teams to share new ways of thinking, making the most of our diverse talents. But it's also about feeling involved and encouraged to be yourself.

We're excited for you to become part of our team and fully join in the adventure ahead.

Maersk is committed to a diverse and inclusive workplace, and we embrace different styles of thinking. Maersk is an equal opportunities employer and welcomes applicants without regard to race, colour, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability, medical condition, pregnancy or parental leave, veteran status, gender identity, genetic information, or any other characteristic protected by applicable law. We will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.

We are happy to support your need for any adjustments during the application and hiring process. If you need special assistance or an accommodation to use our website, apply for a position, or to perform a job, please contact us by emailing Senior Cyber Engineer - GCDC