Euroclear

Threat Detection Engineer, Splunk Developer

Poland

Threat Detection Engineer - Splunk Developer

Location: Poland

Division: Chief Information Security Office (CISO)

As a global critical financial infrastructure, Euroclear treats the protection of its information and assets as fundamental to the company’s business. Information Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office, which is in charge of putting in place the controls required to adequately and effectively protect our information assets.

Your role

In your role as Threat Detection & Response Engineering Splunk Developer, you are responsible for the development and maintenance of correlation searches and dashboards on the SIEM (Splunk ES) platform.

You will report to the Manager of Detection & Response Engineering and will work jointly with threat intelligence, design, engineering and response teams, to gather and define requirements, specify clear priorities, evaluate technical trade-offs, and build and maintain threat detection capabilities.

The Detection & Response Engineering team is comprised of:

  • Detection/Security Engineers – who implement and maintain threat detections.
  • SOAR Engineers – who develop responses such as playbooks and automations.

Your responsibilities & duties

  • Collaborate with key stakeholders (Threat Intelligence, SOC, engineering teams) to gather requirements and translate threat scenarios into actionable detection use cases.
  • Design, develop, tune, and continuously improve Splunk ES correlation searches aligned with MITRE ATT&CK techniques and Euroclear threat models.
  • Validate detections through structured testing, evidence collection, and adversary simulation tooling, refining logic based on test results and behavioral accuracy.
  • Perform false‑positive analysis, baseline creation, and high‑fidelity tuning to maintain actionable and reliable detection signals.
  • Maintain clear, structured documentation for detection logic, testing procedures, ATT&CK mapping, and operational deployment guidelines.
  • Conduct coverage gap assessments, maintain the detection inventory, and contribute to ATT&CK‑based coverage reporting and maturity tracking.
  • Perform peer reviews of detection content to ensure quality, consistency, and adherence to detection engineering standards.
  • Implement and optimize Splunk ES features such as correlation search patterns, notable events, and risk‑based alerting (RBA).
  • Work closely with the log onboarding team to ensure high‑quality telemetry, correct field extractions, CIM compliance, and accurate Data Model mapping.
  • Identify and implement improvements to detection workflows, telemetry quality, and the overall detection engineering lifecycle.

Your qualifications required

  • Proven expertise across the full SIEM detection engineering lifecycle, including hypothesis‑driven detection design, structured testing, validation, false‑positive reduction, operational deployment, and continuous refinement.
  • In‑depth knowledge of key security telemetry sources, including Windows Event Logs, Sysmon, Linux audit logs, firewall and proxy logs, cloud security logs, and EDR telemetry.
  • Advanced SPL proficiency with deep understanding of the Splunk Common Information Model (CIM), Data Models, and performance optimization (search acceleration, summary indexing, Data Model acceleration).
  • Experience applying the MITRE ATT&CK framework for behavior‑based detection design, threat mapping, and coverage analysis.
  • Hands‑on experience with data onboarding quality assurance, including field extraction verification, CIM compliance testing, sample‑based validation, and ensuring schema correctness across log sources.
  • Ability to work with deeply nested JSON telemetry and complex field structures.
  • Strong foundational understanding of network, endpoint, and cloud security concepts relevant to detection engineering.

Will be considered an asset

  • Splunk certifications such as Splunk Core Certified Power User, Splunk Certified Developer, Splunk Enterprise Certified Admin, or Splunk Enterprise Security Certified Admin.
  • Any other security certifications (GIAC GCDA (Detection & Analysis), GIAC GMON (Monitoring & SIEM), or threat hunting–oriented certifications).
  • Familiarity with Git‑based version control and CI/CD pipelines supporting detection‑as‑code workflows.
  • Experience with adversary simulation and automated detection validation tools (e.g., Atomic Red Team, Splunk Attack Range, MITRE CALDERA, AttackIQ).
  • Exposure to purple teaming, threat hunting, or attack path analysis.

Soft Skills

  • Excellent English communication skills (written and oral), with the ability to clearly articulate complex technical concepts to both technical and non‑technical audiences.
  • Strong analytical and critical‑thinking abilities, capable of breaking down complex problems and identifying systematic, high‑quality solutions under time pressure.
  • Structured problem‑solving approach applied to troubleshooting, validation, and continuous improvement of detection logic.
  • Collaborative and open‑minded mindset, able to work effectively with SOC, Threat Intelligence, engineering, and platform teams.
  • High level of autonomy, with the ability to manage priorities and deliver well‑engineered detections within agreed timelines.
  • Fast and independent learner with a strong drive for self‑improvement and staying current with evolving threats and detection techniques.
  • Strong attention to detail, ensuring accuracy in detection logic, documentation, and validation activities.
  • Solid documentation and workflow discipline, supporting consistent, repeatable, and high‑quality detection engineering processes.
  • Adaptable and pragmatic, comfortable working in fast‑changing environments and handling ambiguity in telemetry or threat scenarios.


ABOUT US

Why Join Us

Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have a clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.

What We Offer

  • Work closely with inspiring, supportive, and engaged colleagues from more than 80 different countries
  • Practice your talents in a highly professional international environment
  • Join a learning and development environment with an emphasis on knowledge sharing and training
  • Competitive salary and comprehensive benefits

New Ways of Working

Find your own optimal balance within our hybrid working model, where you can connect at the office and at the same time benefit from remote working.

Great Place to Work for All

We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, ...). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.

About the team

The Cyber Defence Centre provides continuous identification, monitoring and response to threats to the Euroclear infrastructure, applications and data. It is designed as the last line of defence for the organisation, in the event that actors, both internal and external, have penetrated our preventative cyber controls with malicious intent.

Ways of working

Find your own optimal balance within our hybrid working model, where you can connect at the office 8 days a month and also benefit from remote working.
About the Organization

As a global critical financial infrastructure, Euroclear treats the protection of its information and assets as fundamental to the company's business. Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office (CISO), which is in charge of putting in place the controls required to adequately and effectively protect our information assets. The Cyber Defence Centre is responsible for Threat Identification, Threat Detection and Threat Response.