Threat Detection Engineer

Los Angeles, CA

Open to Remote

Full Time

$140k - $150k

A global healthcare company we are working with is seeking a skilled and experienced Threat Detection Engineer to join its security operations team. In this role, you will be responsible for proactively monitoring, analyzing, and responding to potential threats to the company's information systems, networks, and infrastructure. You will work closely with cross-functional teams to develop, implement, and enhance threat detection strategies and technologies, ensuring the protection of the organization's critical assets.
Responsibilities:
  1. Monitor and analyze security events, alerts, and logs from various sources, such as intrusion detection systems (IDS), security information and event management (SIEM) tools, network traffic analyzers, and endpoint protection platforms.
  2. Identify and investigate potential security incidents, anomalies, and vulnerabilities, taking appropriate action to mitigate risks and prevent unauthorized access or data breaches.
  3. Develop and maintain comprehensive threat detection rules, use cases, and correlation rules within the SIEM platform, ensuring accurate and timely detection of security incidents.
  4. Collaborate with internal teams, including network operations, system administrators, and application owners, to identify and implement security controls, configurations, and countermeasures to address identified threats and vulnerabilities.
  5. Conduct security assessments and penetration testing exercises to identify weaknesses and provide recommendations for improving the security posture of systems and networks.
  6. Participate in incident response activities, including containment, eradication, and recovery efforts, and assist in post-incident analysis and reporting.
  7. Provide technical guidance and support to other members of the security operations team and assist in their skill development.
Qualifications:
  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • Previous experience working in a threat detection or security operations role, preferably in a large enterprise environment.
  • Strong knowledge of networking protocols, operating systems, and security technologies.
  • Familiarity with common security platforms and frameworks, such as Splunk and the MITRE frameworks.
  • Experience with security tools and technologies, including SIEM platforms, IDS/IPS systems, firewall management, and endpoint protection solutions.
  • Proficiency in scripting or programming languages (e.g., Python, PowerShell) for automation and data analysis.
  • Knowledge of cloud computing platforms (e.g., AWS, Azure) and associated security controls is a plus.
  • Excellent analytical and problem-solving skills, with a strong attention to detail.

Posted by: Amanda Oliver

Specialization: Red Team