Threat Detection

Bengaluru, Karnataka ₹1500000 - ₹2500000 Y Shalaka Dilip Desai

Posted today


Job Description

Hiring: Threat Detection & Response Engineer (8-10 Years) for a Japanese investment bank in Bangalore

Seeking an experienced cybersecurity professional skilled in threat detection, incident response, and security frameworks like MITRE ATT&CK and Cyber Kill Chain.

Responsibilities include developing advanced use cases, proactive threat hunting, forensic investigations, and collaborating with Threat Intelligence and Security Ops teams.

Must have hands-on experience with SIEM tools (Splunk), forensic tools (EnCase, FTK), network security controls, and cloud security in the banking/financial sector.

Strong analytical, problem-solving, and leadership skills required, with certifications like CISSP, GIAC, or SANS preferred.

Share your updated profile at *** to join a leading global financial institution committed to cybersecurity excellence.

This advertiser has chosen not to accept applicants from your region.

Threat Detection Specialist

Bengaluru, Karnataka Webologix Ltd/ INC

Posted today


Job Description

Job Position: SOC Engineer

Location: PAN.

Experience: 5+ to 10+ Years

Must have: Forensics - Others

Roles and Responsibilities

  • Review daily operational activities and timely mentor junior analysts
  • Conduct detailed analysis on escalated events and hand over the call to the Incident Response team along with appropriate evidence
  • Ensure 100 incident validations and closures
  • Manage shifts and facilitate knowledge transfer within shifts and at shift handover
  • Study attack types and methods while monitoring the environment for threats
  • Perform deep dive incident analysis by correlating data from various sources
  • Document and archive artefacts for future reference
  • Define the criticality of behaviour events based on experience and information security understanding
  • Lead operations and act as a security consultant for incidents and s observed
  • Guide junior analysts in investigations analysis and categorization
  • Monitor various technology dashboards and identify any suspicious activities or anomalies
  • Ensure quality check for all s and incidents raised by L1 analysts
  • Investigate and close testing incidents, defining the steps and processes
  • Prepare daily summary reports
  • Raise control-related concerns, such as those involving SOAR and SIEM
  • Define operations related activities
  • Review IRC SOP and manage all other process documents
  • Submit audit data
  • Escalate to seniors before the TAT breach
  • Handle TAT responsibilities
  • Validate SOC incidents by the Bank L2 team
  • This role requires a proactive approach to security operations, ensuring thorough analysis and validation of incidents, mentoring junior analysts, and maintaining high standards of documentation and reporting

Threat Detection Engineer

Bengaluru, Karnataka Tata Consultancy Services

Posted today


Job Description

Dear Candidate,


Tata Consultancy Services is hiring for Sr SIEM Admin

Experience: 8-10 Years

Location: Bangalore


Role and Responsibility

Sr. SIEM admin with a minimum of 5+ years of experience and strong knowledge of custom parser development.

Threat detection use-case design, implementation and fine-tuning; creating rules and dashboards for compliance and audit requirements.

Strong understanding of security incident management, malware management and vulnerability management processes.

Working knowledge of industry models such as the Cyber Kill Chain, Diamond Model and MITRE ATT&CK framework.


Regards,

S.Shanbaga

Tata Consultancy Services

Human Resources CSP TAG


Security Engineer, Threat Detection

Bengaluru, Karnataka ₹1500000 - ₹2500000 Y Workato

Posted today


Job Description

About Workato
Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration, Workato helps businesses globally streamline operations by connecting data, processes, applications, and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time, driving efficiency and agility.

Trusted by a community of 400,000 global customers, Workato empowers organizations of every size to unlock new value and lead in today's fast-changing world. Learn how Workato helps businesses of all sizes achieve more at

Why join us?
Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company.

But, we also believe in balancing productivity with self-care. That's why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.

If this sounds right up your alley, please submit an application. We look forward to getting to know you.

Also, feel free to check out why:

  • Business Insider named us an "enterprise startup to bet your career on"
  • Forbes' Cloud 100 recognized us as one of the top 100 private cloud companies in the world
  • Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America
  • Quartz ranked us the #1 best company for remote workers

Responsibilities
At Workato, security is at the core of everything we do. We are seeking a proactive and detail-oriented
Security Engineer – Threat Detection
to join our expanding Security team in India. In this role, you will be pivotal in optimising and enhancing the performance of our Security Information and Event Management (SIEM) platform.

Your primary responsibility will be to maintain, manage, and enhance the SIEM system by integrating critical log sources and overseeing the entire data lifecycle within the platform. You will play a key role in advancing threat detection capabilities by strategically creating, fine-tuning, and optimizing detection rules to improve accuracy and reduce false alerts.

As a central figure in our security operations, you will ensure the SIEM effectively aggregates, processes, and manages security-relevant data from diverse endpoints—including cloud environments, source control management (SCM) systems, applications, servers, workstations, and network devices. You will collaborate closely with the Incident Response team to conduct deep-dive analyses of security incidents and actively participate in daily on-call rotations.

If you are passionate about automating threat detection, streamlining security workflows, and driving innovation at scale, this is an excellent opportunity for you.

In This Role, You Will Also Be Responsible To

  • Design, develop, implement, and continuously refine custom detection rules within the SIEM to identify emerging and potential security threats tailored to our network infrastructure, industry standards, and evolving threat landscape.
  • Analyze and optimize existing detection rules to enhance accuracy, minimize false positives and negatives, and improve overall alert quality, reducing alert fatigue and boosting the signal-to-noise ratio.
  • Collaborate closely with security teams and other key stakeholders to gather requirements, incorporate feedback, and collectively improve the SIEM's threat detection capabilities.
  • Utilize both out-of-the-box and custom-built detection rules to effectively address the organization's unique security posture and risk profile.
  • Oversee ingestion of logs and telemetry from a broad range of security and operational sources, ensuring data integrity, accurate parsing, and efficient storage for timely threat analysis.
  • Apply deep expertise in security monitoring principles, threat detection methodologies, and incident response workflows to continually improve detection strategies and operational readiness.
  • Maintain comprehensive documentation of detection rules, tuning activities, and SIEM configuration changes; create dashboards and generate insightful reports for management to highlight data trends and security posture.
  • Stay current with the latest security threats, vulnerabilities, and advancements in SIEM technologies, particularly within the Microsoft Sentinel ecosystem, to drive ongoing improvement and innovation.
  • Provide technical expertise during security audits, compliance assessments (e.g., SOC 2, ISO 27001), and risk evaluations; collaborate with compliance teams to ensure log retention and data management meet regulatory and internal standards.

Requirements
Qualifications / Experience / Technical Skills

  • 3 to 6 years of hands-on experience in threat detection, SIEM management, and Security Operations in SaaS or cloud-based environments.
  • Proven expertise with leading SIEM platforms and strong skills in the full lifecycle of detection rule creation, fine-tuning, and optimization to improve threat detection accuracy and reduce false positives.
  • In-depth knowledge of managing data ingestion from diverse security and operational sources, with a solid understanding of data from servers, workstations, network devices, cloud environments, and security tools.
  • Strong understanding of security monitoring principles, threat detection methodologies, incident response workflows, and common cyberattack vectors.
  • Expertise in AWS cloud platform with the ability to identify critical log sources for ingestion; familiarity with cloud security best practices across AWS (Preferred), Azure, and GCP.
  • Experience with SOAR platforms such as Workato, Palo Alto XSOAR, or Splunk SOAR, and proficiency in scripting and automation using Python, PowerShell, or Workato recipes.
  • Familiarity with security compliance frameworks like SOC 2, ISO 27001, GDPR, and other relevant regulations.
  • Relevant security certifications such as CISSP, AWS Certified Security – Specialty, GIAC (GCIH, GCIA), Certified Cloud Security Professional (CCSP).
  • Willingness to travel occasionally within India and internationally as required.

Soft Skills / Personal Characteristics

  • Strong problem-solving and analytical skills with an automation-first mindset.
  • Excellent communication and collaboration skills to work across teams.
  • Ability to work independently and manage multiple tasks effectively in a fast-paced environment.

(REQ ID: 2336)


Advanced Threat Detection Specialist

Bengaluru, Karnataka Computacenter

Posted today


Job Description

Life on the team

Placed within our Security Operations function, our Cyber Threat Operations Team play an essential role in protecting Computacenter from the latest threats and threat actors. The Cyber Threat Operations Team work to ensure we have a forward-looking mentality to identify emerging threats and trends. Our team brings together a diverse set of specialist skills, including Threat Intelligence, Threat Hunting, Malware Analysis, Digital Forensics, Incident Response, and Threat Modelling. At our core, we are driven by a mission to “investigate, collate and locate”: to unearth new threats, collate all available information about them, and then seek them out and respond appropriately.


The aim of the Cyber Threat Operations Team is to ensure the wider security division is one step ahead of security threats by applying technical knowledge and understanding of global events to produce relevant, actionable intelligence. The Cyber Threat Operations Team understand how threats feed into business risks. We lead on collecting, evaluating, and analysing all sources of information to produce finished Threat Intelligence to help inform Computacenter and minimise the risk of harm.


We are now looking for an experienced Malware Analyst to join our team. In this role you will be responsible for prioritising, gathering and analysing malware samples associated with emerging threats, and then disseminating your findings to relevant teams for appropriate action.


What you’ll do

  • Analyse and Investigate: Conduct thorough analysis of malware samples to understand their behaviour, functionality, and impact.
  • Threat Detection: Develop and implement strategies to detect and mitigate malware threats across various platforms and networks.
  • Incident Response: Collaborate with the incident response team to investigate and respond to security incidents involving malware.
  • Research and Development: Stay updated with the latest malware trends and techniques and contribute to the development of new detection and prevention tools.
  • Reporting: Prepare detailed reports on malware analysis findings and provide actionable recommendations to enhance security measures as well as giving briefings to stakeholders on your work, and the trends you are seeing.
  • Collaboration: Work closely with other cybersecurity professionals to share insights and improve overall threat intelligence.
  • Training and Awareness: Educate and train internal teams on malware threats and best practices for prevention and response.
  • Innovate and Develop: Use your ideas as a leading voice in the Malware Analysis area to continue to improve upon existing processes.


What you’ll need

  • Technical Expertise: Strong understanding of malware analysis techniques, reverse engineering, and threat detection methodologies.
  • 6+ years of experience in cyber security
  • Experience: Proven experience in cybersecurity, particularly in malware analysis and incident response.
  • Tools Proficiency: Familiarity with tools such as IDA Pro, Wireshark, and other malware analysis and network monitoring tools.
  • Programming Skills: Proficiency in programming languages such as Python, C/C++, and assembly language.
  • Analytical Skills: Excellent problem-solving and analytical skills to dissect complex malware and understand its impact.
  • Communication: Strong written and verbal communication skills to effectively report findings and collaborate with team members.
  • Certifications: Relevant certifications such as GIAC Reverse Engineering Malware (GREM), or similar.
  • Continuous Learning: A proactive attitude towards continuous learning and staying updated with the latest cybersecurity trends and threats.
  • Attention to Detail: Keen attention to detail to identify subtle indicators of compromise and other anomalies.
  • Teamwork: Ability to work in a diverse, global team.

About us

With over 20,000 employees across the globe, we work at the heart of digitisation, advising organisations on IT strategy, implementing the most appropriate technology, and helping our customers to source, transform and manage their technology infrastructure in over 70 countries. We deliver digital technology to some of the world’s greatest organisations, driving digital transformation, and enabling people and their businesses.



Learning and development

Our people are our strength which is why we offer leadership training, coaching, mentoring, professional development, and international opportunities. Whichever direction you choose to go in – whether it’s a well-trodden path or a completely new part of the business – we’ll support you. Our managers champion their people, powering their personal development and helping them to reach their full potential.



You belong

We passionately believe in the power of diversity and inclusion. We celebrate our differences because we know a diverse workforce with different experiences and perspectives helps us win together. And to do that, you need to feel comfortable to bring your whole self to work – and you can only do that when you feel supported, valued, and have a sense of belonging which is what we strive to achieve.


Your application is considered on its merits regardless of your age, disability, ethnicity, faith, gender identity or sexual orientation. All that matters to us is that you share our vision and our values, and that you bring the experience and skills we need.


We are proud to be a Disability Confident Employer; we welcome applications from people with a disability – and guarantee to interview applicants who have a disability and meet the essential requirements for the job.

Threat Detection & Response Lead

Bengaluru, Karnataka Talent500

Posted today


Job Description

About the Role


Position Title: Threat Detection & Response, SOC Manager


Corporate Title: Vice President


Reporting to: Director


Location: Bengaluru


Job Profile:

Position details:

In this role you will focus on researching threats posed by cyber criminals to various systems, technologies, operations, and programs, and analyzing research to determine a cyber criminal’s capabilities, intentions, and attack approaches, including those with multiple phases. Responsibilities include rapidly responding to incidents to minimize risk exposure and ensure system availability; proactively monitoring internal and external-facing environments; seeking opportunities to automate detection and remediation and reduce response times for incidents; and producing reports and briefings that include perspectives on the behavior of adversaries.


Roles and Responsibilities

  • Manage SOC 24x7 operations including technology and people management.
  • Perform cybersecurity threat detection, assessment, and mitigation efforts.
  • Support inquiries from compliance teams such as IT risk management and internal and external audit, to ensure documentation is complete and in compliance with information security policies.
  • Identify, evaluate, and continually monitor threats that could affect operational and business activities.
  • Manage development of security operations playbooks to ensure threat detection, monitoring, response, and forensics activities align with best practices, minimize gaps in detection and response, and provide comprehensive mitigation of threats.
  • Create, enhance, and manage security use cases, dashboards and alerts using Splunk.
  • Research and look for opportunities to adopt the best practices and industry standards to enhance the SIEM and SOAR platforms.


Job Requirements:

  • Bachelor's Degree in Business, Management, Computer Sciences, or equivalent prior work experience in a related field
  • Minimum of 10 years overall experience working in global, complex, matrix-managed organization
  • Minimum of 5 years of people management experience is preferred.
  • Minimum of 8 years' experience in either:
      • Threat detection & response and/or vulnerability management
      • Incident Response and Forensic Investigations work
      • Cybersecurity Operations or Information Security
  • Minimum of 3 years working directly in Cybersecurity Operations or Threat and Vulnerability management.
  • Experience across the following technical concentrations:
      • Network-Based Security Controls (Firewall, IPS, WAF, MDS, Proxy, VPN)
      • Anomaly Detection and Investigation
      • Host and Network Forensics
      • Operating Systems
      • Web Applications and Traffic
  • Experienced with EnCase, FTK, SIFT, Splunk, Redline, Volatility, Wireshark, TCPDump, and open-source forensic tools.
  • Experience responding to cyber events in public cloud environments such as AWS, Azure, Google Cloud, etc.
  • Experience creating trending, metrics, and management reports.
  • Security experience in all phases of product and service development lifecycle including architecture, design, development, testing, release, and operational maintenance.
  • Experience with cloud computing security, network, operating system, database, application, and mobile device security.
  • Extensive knowledge of vulnerability management and remediation.
  • Experience with information security risk management, including conducting information security audits, reviews, and risk assessments.
  • Experience in two or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics.
  • Knowledge of models/frameworks such as Kill Chain and MITRE ATT&CK
  • Strong time management skills to balance multiple activities and lead junior analysts as needed
  • Well-developed analytic, qualitative, and quantitative reasoning skills
  • Understanding of offensive security to include common attack methods.
  • Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event.
  • A diverse skill base in both product security and information security including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures.
  • Detailed knowledge and experience in security and regulatory frameworks (ISO 27001, NIST 800 series, FFIEC, SOC2, FedRAMP, STAR, etc.)
  • In-depth knowledge in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics.
  • Knowledge of Splunk, Phantom, Python, CrowdStrike, Tanium, Defender, Azure, AWS and forensic security tools is preferred.
  • Experience working within the Financial Services Industry preferred.
  • One to three years of experience in Splunk, Splunk Enterprise Security or Splunk Phantom is preferred.
  • Strong analytical skills (i.e., technical and non-technical problem solving skills).
  • Maintain certifications in an information security related field. The following are recommended: CySA+, CISSP, ISSMP, SANS, GCIA, CISM, EnCE, CEH, GCFA, GCFE, GCIH, or GSEC, and/or Splunk certifications.

Senior Security Engineer - Incident Response & Advanced Threat Detection

Bengaluru, Karnataka Triune Infomatics Inc

Posted today


Job Description

Role: Senior Cybersecurity SOC Engineer – Threat Hunting & Incident Response

Working Hours: Monday to Friday, 9 AM – 5 PM PST (U.S. Business Hours)

Reporting To: Security Operations (SecOps) Leader – USA


About the Role: We are seeking an elite Senior Cybersecurity SOC Engineer—a hands-on security expert with deep technical knowledge and proven experience in threat hunting, incident response, and SOC program maturity. This role will report directly to the SecOps Manager in India and requires someone who thrives in a collaborative environment and leads by example. If you are a true expert with Microsoft Sentinel, CrowdStrike, MDE, SOAR platforms, MITRE ATT&CK framework, APT detection, and scripting, this role offers a great opportunity to build and defend a modern SOC environment.

Please note: This is not a SOC Analyst role. Candidates must have 7-10+ years of hands-on SOC Engineer experience with deep threat hunting and incident response expertise. Must be available to work U.S. business hours (PST timezone).


Key Responsibilities:

  • Threat Hunting:
      • Lead proactive threat hunting initiatives aligned with the MITRE ATT&CK framework to identify, investigate, and mitigate advanced threats and adversary behaviors.
      • Use telemetry from Microsoft Sentinel, CrowdStrike Falcon, MDE, and other tools to detect anomalies and emerging attack patterns.
      • Develop and optimize threat hunting queries and playbooks using KQL, Python, and PowerShell.
      • Continuously improve detection coverage to reduce dwell time and prevent breaches.
  • Incident Response:
      • Design, implement, and maintain an effective Incident Response (IR) program and playbooks covering APTs, ransomware, insider threats, and complex multi-stage attacks.
      • Lead investigations on high-fidelity security alerts; conduct root cause analysis, containment, eradication, and recovery.
      • Utilize CrowdStrike Falcon EDR (including RTR), Microsoft Defender for Endpoint, and Tenable for comprehensive endpoint and vulnerability correlation during incidents.
      • Perform network forensics and packet analysis using Fortinet and Palo Alto firewall logs.
      • Manage cloud security incidents within Azure (Azure Sentinel, Security Center) and Microsoft 365 environments.
      • Coordinate with internal teams and external partners for timely, coordinated response to security incidents.
  • SOC Engineering & Program Maturity:
      • Build and mature the SOC’s SIEM and SOAR architecture, detection engineering, and response automation.
      • Develop advanced detection logic, hunting queries, and automation workflows.
      • Mentor junior SOC members and act as a technical escalation point.
      • Collaborate with managed SOC partners and other security teams to enhance detection and response capabilities.


Required Experience & Skills:

  • 7+ years of hands-on experience in SOC engineering, with a strong focus on threat hunting and incident response.


Expertise in:

  • Microsoft Sentinel (SIEM & SOAR) and advanced KQL queries for hunting and IR
  • CrowdStrike Falcon EDR (RTR, IOAs, threat containment)
  • Microsoft Defender for Endpoint (MDE) telemetry and IR
  • Tenable vulnerability correlation during investigations
  • Fortinet and Palo Alto firewalls for forensic analysis
  • Microsoft Entra ID (Azure AD), SSO, Conditional Access, MFA security controls
  • Deep operational knowledge of MITRE ATT&CK for threat hunting, detection tuning, and adversary simulation.
  • Proven ability to analyze and respond to APTs, malware persistence, lateral movement, privilege escalation, command & control, and data exfiltration incidents.
  • Strong scripting skills (KQL, Python, PowerShell) for threat hunting automation and incident response workflows.
  • Experience with SOAR platforms integration and automation (Microsoft Sentinel SOAR, Palo Alto XSOAR).
  • Excellent communication, collaboration, and mentoring abilities.
  • Must be able to work U.S. business hours (PST timezone).


Preferred Certifications:

  • GCFA, GCIH, GCTI, CISSP, AZ-500, MS-500, or equivalent.
  • MITRE ATT&CK Defender (MAD), OSCP, or Red Team certifications are a strong plus.

AVP Platform Engineer - Threat Detection

Bengaluru, Karnataka MUFG Global Service (MGS)

Posted 7 days ago


Job Description

About Us:
MUFG Bank, Ltd. is Japan's premier bank, with a global network spanning more than 40 markets. Outside of Japan, the bank offers an extensive scope of commercial and investment banking products and services to businesses, governments, and individuals worldwide. MUFG Bank's parent, Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the world's leading financial groups. Headquartered in Tokyo and with over 360 years of history, the Group has about 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. The Group aims to be the world's most trusted financial group through close collaboration among our operating companies, flexibly responding to all the financial needs of our customers, serving society, and fostering shared and sustainable growth for a better world. MUFG's shares trade on the Tokyo, Nagoya, and New York stock exchanges.
MUFG Global Service Private Limited:
Established in 2020, MUFG Global Service Private Limited (MGS) is a 100% subsidiary of MUFG with offices in Bengaluru and Mumbai. MGS India has been set up as a Global Capability Centre / Centre of Excellence to provide support services across various functions such as IT, KYC/AML, Credit, Operations etc. to MUFG Bank offices globally. MGS India plans to significantly ramp up its growth over the next 18-24 months while servicing MUFG's global network across the Americas, EMEA and Asia Pacific.

About the Role:

Position Title: AVP Platform Engineer - Threat Detection

Corporate Title: ACP

Reporting to: VP

Location: Bengaluru

Job Profile:

The AVP Platform Engineer - Threat Detection leads efforts in setting up and maintaining infrastructure, managing CI/CD pipelines, cloud environments, virtual machines, and data lakes. The role requires ensuring efficient log data ingestion and monitoring log health, with a strong emphasis on using Sigma for threat detection. Proficiency in Python and coding is essential for automating processes and developing custom solutions.

Key Responsibilities:

  • Participate in the design, implementation, and management of CI/CD pipelines to ensure efficient and reliable software delivery.
  • Ensure the setup and maintenance of cloud environments and virtual machines to support threat detection operations.
  • Co-develop and manage data lakes for storing and processing large volumes of log data.
  • Ensure seamless ingestion of log data into the data lake and monitor log health to maintain data integrity.
  • Utilize the Sigma tool for creating and managing detection rules and queries.
  • Automate infrastructure processes and develop custom solutions using Python.
  • Collaborate with the threat detection team to optimize infrastructure for enhanced detection capabilities.
  • Conduct regular infrastructure audits and performance tuning to ensure optimal operation.
  • Document infrastructure setup and maintenance processes for future reference and training.
  • Provide technical support and guidance to team members on infrastructure-related issues.
  • Mentor junior analysts and provide leadership in threat detection initiatives.

Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • Extensive experience in infrastructure setup and management, including CI/CD pipelines, cloud environments, and virtual machines.
  • Strong understanding of data lake architecture and log management.
  • Experience with the Sigma tool for threat detection.
  • Proficiency in Python programming and coding for automation and solution development.
  • Demonstrated ability to work collaboratively in a team environment and communicate effectively with technical and non-technical stakeholders.
  • Strong problem-solving skills and attention to detail.

Preferred Skills:

  • Experience with cloud platforms and services (e.g., AWS, Azure).
  • Familiarity with cybersecurity principles and threat detection methodologies.
  • Deep knowledge of network security and protocols.
  • Experience in threat hunting and relevant frameworks such as PEAK and TAHITI.

Working Conditions:

  • This role may require occasional on-call support and flexibility in working hours to address urgent security incidents.

Analyst Platform Engineer - Threat Detection

Bengaluru, Karnataka MUFG Global Service (MGS)

Posted 7 days ago


Job Description


Position Title: Analyst Platform Engineer - Threat Detection.

Corporate Title: Analyst

Reporting to: VP

Location: Bengaluru

Job Profile:

The Analyst Platform Engineer is responsible for supporting the platform and maintaining the infrastructure that enhances the organization's threat detection capabilities. This role involves managing CI/CD pipelines, cloud environments, virtual machines, and data lakes, ensuring efficient log data ingestion and monitoring log health. Proficiency in Python and coding is essential for automating processes and developing custom solutions.

Key Responsibilities:

  • Assist the platform lead in ensuring the availability and reliability of the infrastructure platform, CI/CD pipelines, and related systems.
  • Maintain and manage CI/CD pipelines to facilitate efficient and reliable software delivery.
  • Maintain and manage cloud environments and virtual machines to support threat detection operations.
  • Maintain and manage data lakes for storing and processing large volumes of log data.
  • Ensure seamless ingestion of log data into the data lake and monitor log health to maintain data integrity.
  • Utilize the Sigma tool for creating and managing detection rules and queries.
  • Automate infrastructure processes and develop custom solutions using Python.
  • Collaborate with the threat detection team to optimize infrastructure for enhanced detection capabilities.
  • Conduct regular infrastructure audits and performance tuning to ensure optimal operation.
  • Document infrastructure setup and maintenance processes for future reference and training.
  • Respond to technical support requests and resolve infrastructure-related issues.

Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • Proven experience in infrastructure management, including CI/CD pipelines, cloud environments, and virtual machines.
  • Understanding of data lake architecture and log management.
  • Experience with the Sigma tool for threat detection.
  • Proficiency in Python programming and coding for automation and solution development.
  • Ability to work collaboratively in a team environment and communicate effectively with technical and non-technical stakeholders.
  • Strong problem-solving skills and attention to detail.

Preferred Skills:

  • Experience with cloud platforms and services (e.g., AWS, Azure).
  • Familiarity with cybersecurity principles and threat detection methodologies.
  • Deep knowledge of network security and protocols.
  • Experience in threat hunting and relevant frameworks such as PEAK and TAHITI.

Working Conditions:

  • This role may require occasional on-call support and flexibility in working hours to address urgent security incidents.

Senior ML Threat Detection Engineer

Bengaluru, Karnataka ₹1200000 - ₹3600000 Y Atlassian

Posted today


Job Description

Overview:

We're expanding our Threat Detection Engineering team at Atlassian to incorporate cutting-edge machine learning techniques into our security detection capabilities. We're seeking a talented security professional with a strong background in machine learning to join our team. This role involves developing and deploying machine learning models to identify emerging threats, enhancing our detection systems, and collaborating with cross-functional teams to elevate our security posture. While extensive experience in both security detection and machine learning is ideal, we also welcome candidates with strong machine learning expertise who are eager to apply their skills to the security domain. A proven track record of leading complex technical projects and excellent collaboration and communication skills are essential.

Working at Atlassian

Atlassians can choose where they work – whether in an office, from home, or a combination of the two. That way, Atlassians have more control over supporting their family, personal goals, and other priorities. We can hire people in any country where we have a legal entity. Interviews and onboarding are conducted virtually, a part of being a distributed-first company.

Responsibilities:

  • Develop and implement advanced threat detection mechanisms using machine learning models to identify and alert on adversarial or high-risk behaviours within Atlassian's systems.
  • Continuously improve and fine-tune machine learning models and detection systems to adapt to new and emerging cyber threats.
  • Monitor and enhance critical detection systems to ensure their reliability and effectiveness in delivering robust detection capabilities.
  • Deploy and integrate new detection technologies and machine learning models to continuously uplift and improve our detection capabilities.
  • Collaborate with partner teams, including Incident Response and Threat Intelligence, to establish and maintain meaningful security alerts. Ensure security alerts are relevant, actionable, and aligned with the overall security strategy.
  • Work closely with Product Engineering, Data Platform, and Security Engineering teams to advance our detection coverage and tooling in our production cloud environments.
  • Automate complex security operational tasks to streamline and optimize routine security activities.
  • Stay informed about the latest security trends, emerging threats, and evolving technologies to ensure Atlassian is well-prepared to adapt to new security challenges. Engage in continuous learning and remain abreast of industry developments to inform the company's security strategy.

Qualifications:

  • Bachelor's degree in Computer Science, Information Security, Data Science, or a related field.
  • Minimum 3 years of experience in roles related to machine learning, with a strong interest in applying these skills to threat detection.
  • Proven experience developing and deploying machine learning models for various use cases is a must.
  • Experience or interest in building effective detection capabilities in modern cloud environments.
  • Proficiency in languages such as Python, SQL, or similar, with experience in building automation.
  • Familiarity with security detection technologies and systems, such as firewalls, intrusion detection systems, EDR, and authentication systems, is a plus.
  • Strong analytical skills with the ability to identify and resolve complex problems.
  • Demonstrated ability to lead and deliver complex projects.
  • Excellent collaboration and communication skills, with the ability to work effectively in a distributed team environment.

Benefits & Perks

Atlassian offers a wide range of perks and benefits designed to support you, your family and to help you engage with your local community. Our offerings include health and wellbeing resources, paid volunteer days, and so much more. To learn more, visit

About Atlassian

At Atlassian, we're motivated by a common goal: to unleash the potential of every team. Our software products help teams all over the planet and our solutions are designed for all types of work. Team collaboration through our tools makes what may be impossible alone, possible together.

We believe that the unique contributions of all Atlassians create our success. To ensure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. All your information will be kept confidential according to EEO guidelines.

To provide you the best experience, we can support with accommodations or adjustments at any stage of the recruitment process. Simply inform our Recruitment team during your conversation with them.

To learn more about our culture and hiring process, visit
