Threat Detection Engineer

Amsterdam, Netherlands

Shell

Shell is a global group of energy and petrochemical companies. Learn more about Shell on our global website.



Job Family Group:

Information Technology (IT)


Worker Type:

Regular


Posting Start Date:

March 17, 2025


Business unit:

Projects and Technology


Experience Level:

Experienced Professionals


Job Description:

What’s the role

Step into an exhilarating role where you'll lead the charge in detecting the latest cybersecurity threats and safeguarding Shell using cutting-edge technology!

The role is part of the CISO (Cyber Information Security Office) in the Information and Digital Technology organization. The Threat Detection Engineering team supports Shell’s CyberDefence team by developing and implementing cyber threat detection capabilities. These capabilities identify adversary tactics, techniques, and procedures (TTPs), enabling swift action on Events of Interest. Input from various CyberDefence teams, including Threat, Detect, Incident, and the Red Team, informs the detection opportunities. Threat Detection Engineering helps to recognize malicious activities in the early stage of the kill chain, providing an opportunity to intervene before significant harm occurs.

What you’ll be doing

As the Threat Detection Engineer, you will develop correlation searches and reporting capabilities that result in actionable events of interest. The detection searches created in Splunk and Sentinel must be both performant and accurate and continuously updated to adapt to the ever-changing threat landscape.

Accountabilities

  • Deliver the Threat Detection Engineering Use Case backlog

  • Use scripting/programming languages to test Use Cases and manage git repos

  • Develop and implement custom use cases that are not yet covered by existing tools and solutions

  • Translate IoC use case requests into optimized technical implementation and translate behavioral analytics use case requests into algorithms to be deployed in CyberDefence technologies

  • Work with the wider CyberDefence organization to understand requirements for detection capabilities and detection logic, and work with the CyberDefence LT to prioritize work effort

  • Be the quality gatekeeper for all new and existing detection use cases, with a focus on minimizing false positives and rework

  • Support and develop other CyberDefence extended team members with experience and best practices in a continuous learning environment

  • Support activities to embed automated use case testing and validation checks

What you bring

  • Has significant IT security experience and a solid engineering background

  • Experience building solutions using secure-by-design principles

  • Proven experience in coding or scripting languages

  • Proven experience in Splunk Search Processing Language (SPL), some experience with Microsoft Sentinel Kusto Query Language (KQL) preferred

  • SC-200 and/or Splunk certifications preferred

  • Experience developing Indicators of Compromise (IoC) in Security Information & Event Management (SIEM) platforms

  • Experience using Git repositories and knowledge of CI/CD pipelines

  • Good technical understanding of common IT services including Azure and AWS cloud, Unix/Linux and Windows servers and client machines, database technologies, firewalls and network devices, popular application suites, etc

  • Develops and maintains knowledge of cyber security and maintains an awareness of current developments

  • Has excellent written and verbal communication skills and provides well-informed advice to their own team and to others outside the core team

Note: As part of your application, please submit a motivation letter along with your resume. The motivation letter should outline your reasons for applying to this position and how your skills and experiences align with the job requirements. This will help us better understand your interest in the role and your suitability for the position.

We'd like you to know that Shell has a bold goal: to become one of the world’s most diverse and inclusive companies.

Shell in The Netherlands

Most Dutch people know us from the 570 retail stations where they can fill up, recharge and buy fresh sandwiches and coffee. But Shell is more than the stations. The company that started over 130 years ago grew into one of the world’s largest energy companies. And during that time, operations in the Netherlands have continued to expand.

For example, from Rotterdam, Shell coordinates the supply of lubricants for transport and agriculture, aviation fuel and raw materials. Shell Pernis produces the building blocks for healthcare disinfectants and muscle relaxants in Intensive Care. Amsterdam is home to one of our largest research centres in the world: the open Energy Transition Campus Amsterdam. From our campus in The Hague, we lead Shell’s global energy transition. Pernis is home to one of our main refineries and Moerdijk is home to our Dutch chemical plants.



DISCLAIMER:

Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date. Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Shell/Shell Group companies around the world. The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand. Shell is an Equal Opportunity Employer.

Tags: Analytics AWS Azure CI/CD CISO Cloud Firewalls Linux Red team Scripting Sentinel SIEM Splunk Threat detection TTPs UNIX Windows


Region: Europe
Country: Netherlands
