Security Detection & SIEM Engineer

Responsibilities

• Lead SIEM configuration, rule tuning, and onboarding of logs from servers, applications, and network infrastructure.
• Perform daily security alert monitoring and analysis, including alert triage, classification, investigation, escalation, and case closure.
• Prepare weekly security monitoring and alert trend reports, including event summaries, detection metrics, and operational observations.
• Deploy and manage log collection agents across Linux, Windows, and network infrastructure, ensuring stable log coverage and platform reliability.
• Maintain and enhance AI-assisted detection and behavioral analysis workflows, including alert flow stability and detection optimization.
• Define and refine detection logic, including rules, correlation patterns, and behavioral indicators.
• Support integration of OS and application logs for monitoring, correlation, and activity analysis.
• Manage dashboards, alert metrics, and reporting to provide visibility into security posture and monitoring operations.
• Support incident investigation and coordinate with infrastructure and application teams where required.
• Ensure platform health, log retention, monitoring coverage, and overall reliability of the SIEM environment.
• Preferred Skills & Qualifications
• Bachelor's Degree in Information Security, Cybersecurity, Computer Science, or related field.
• Minimum 5 years of experience in SIEM administration, security monitoring, or detection engineering.
• Hands-on experience with SIEM, log management, or security monitoring platforms.
• Strong knowledge of Linux and Windows systems administration and security log analysis.
• Experience with Python, Shell scripting, or automation tools for log processing and workflow optimization.
• Familiarity with security event correlation, behavioral analysis, and detection engineering concepts.
• Exposure to API integration, middleware, or AI-assisted analysis solutions is an advantage.
• Strong analytical, troubleshooting, and problem-solving skills with attention to detail.
• Ability to communicate effectively in English
• Fluency in spoken and written Chinese is essential, as the role requires frequent liaison with Chinese-speaking counterparts and stakeholders, and the preparation, review and handling of Chinese-language work materials.
• 主要職責
• 資安監控與事件分析
• 執行日常資安警示監控與分析，包括警示分流、分類、調查、升級處理及案件結案
• 支援資安事件調查，並在需要時與基礎架構及應用程式團隊協作
• 準備每週資安監控與警示趨勢報告，包括事件摘要、偵測指標及營運觀察
• SIEM 管理與偵測工程
• 主導 SIEM 設定、日誌導入、規則調校及偵測優化，涵蓋伺服器、應用程式及網路基礎架構
• 定義並優化偵測邏輯，包括關聯規則、行為指標及監控使用情境
• 維護並改善 AI 輔助偵測及行為分析工作流程
• 日誌管理與平台營運
• 在 Linux、Windows 及網路設備上部署並管理日誌收集代理程式，確保穩定且完整的日誌覆蓋範圍
• 支援作業系統與應用程式日誌整合，用於監控、關聯分析及活動分析
• 確保 SIEM 環境的平台健康狀態、日誌保存、監控覆蓋率及整體可靠性
• 儀表板與報告
• 管理儀表板、警示指標及報告，提升組織資安狀態的可視性
• 支援營運報告及資安監控績效檢討
• 流程改善與自動化
• 透過腳本與系統整合，推動資安監控自動化及工作流程改善
• 參與資安平台強化與營運優化專案
• 理想條件
• 資訊安全、網路安全、電腦科學或相關領域學士學位
• 至少 5 年 SIEM 管理、資安監控或偵測工程相關經驗
• 具備 SIEM 或日誌平台實務經驗，例如 ELK、Wazuh、Splunk、Graylog、QRadar 或相關技術
• 熟悉 Linux 與 Windows 系統管理及資安日誌分析
• 具備 Python、Shell Scripting 或自動化工具經驗，可應用於日誌處理與工作流程優化
• 熟悉資安事件關聯分析、行為分析及偵測工程相關概念
• 具備 API 整合、中介軟體或 AI 輔助分析解決方案經驗者佳
• 具備良好的分析、故障排除與問題解決能力，並注重細節
• 能以英文進行有效溝通；具普通話能力者佳，有助於與區域利害關係人協作
• 須具備流利的中文聽說讀寫能力，因本職位需經常與中文溝通之合作方及持份者聯繫，並需撰寫、審閱及處理中文工作文件
• 核心能力
• 資安監控與事件分析
• SIEM 管理
• 偵測工程
• 日誌管理與關聯分析
• 自動化與腳本撰寫
• 分析思維
• 問題解決能力
• 跨部門溝通與協作能力
• 對資安偵測、SIEM 平台管理及資安監控營運有豐富經驗，並希望參與區域型資安平台優化與威脅偵測工作的專業人士，歡迎與我們聯繫了解更多。
• Lumina Advisory & Global Search Pte Ltd | 25C3262
• Joyce Yeo | R1218489

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at LUMINA ADVISORY & GLOBAL SEARCH PTE. LTD.? Share your experience