Assignments

Shell Global Solutions Services BV CYBER THREAT PREVENTION

Info

Position

CYBER THREAT PREVENTION

Location

Hours per week

40 hours per week

Duration

26.10.2025 - 26.11.2025

Assignment number

249177

Closing date

31.10.2025 12:00

Want to respond to this assignment? You do so on Striive.

Role description and task agreements

Description: Threat Detection Engineer

What’s the role


The role is part of the CISO (Cyber Information Security Office) in the Information and Digital Technology organization. The Threat Detection Engineering team supports Shell’s CyberDefence team by developing and implementing cyber threat detection capabilities. These capabilities identify adversary tactics, techniques, and procedures (TTPs), enabling swift action on Events of Interest. Input from various CyberDefence teams, including Threat, Detect, Incident, and the Red Team, informs the detection opportunities. Threat Detection Engineering helps to recognize malicious activities in the early stage of the kill chain, providing an opportunity to intervene before significant harm occurs.

What you’ll be doing

As the Threat Detection Engineer, you will develop correlation searches and reporting capabilities that result in actionable Events of Interest. The detection searches created in Splunk and Sentinel must be both performant and accurate, and must be continuously updated to adapt to the ever-changing threat landscape.

Accountabilities
• Deliver the Threat Detection Engineering Use Case backlog
• Use scripting/programming languages to test use cases and manage Git repositories
• Develop and implement custom use cases that are not yet covered by existing tools and solutions
• Translate IoC use case requests into optimized technical implementations, and translate behavioral analytics use case requests into algorithms to be deployed in CyberDefence technologies
• Work with the wider CyberDefence organization to understand requirements for detection capabilities and detection logic, and work with the CyberDefence leadership team (LT) to prioritize work effort
• Be the quality gatekeeper for all new and existing detection use cases, with a focus on minimizing false positives and rework
• Support and develop other CyberDefence extended team members by sharing experience and best practices in a continuous learning environment
• Support activities to embed automated use case testing and validation checks

What you bring

• Significant IT security experience and a solid engineering background
• Experience building solutions according to secure-by-design principles
• Proven coding or scripting experience
• Proven experience in Splunk Search Processing Language (SPL); some experience with Microsoft Sentinel Kusto Query Language (KQL) preferred
• SC-200 and/or Splunk certifications preferred
• Experience developing Indicators of Compromise (IoC) detections in Security Information & Event Management (SIEM) platforms
• Experience using Git repositories and knowledge of CI/CD pipelines
• Good technical understanding of common IT services, including Azure and AWS cloud, Unix/Linux and Windows servers and client machines, database technologies, firewalls and network devices, popular application suites, etc.
• Develops and maintains knowledge of cyber security and stays aware of current developments
• Excellent written and verbal communication skills; provides well-informed advice to the core team and to others outside it

You are expected to work from the Amsterdam/The Hague office 3 days a week from January 2026 onwards.

Company details

Shell Global Solutions Services BV

The recruiter

Dennis Vesters

Source

Place your bid on Striive

https://login.striive.com/

For this assignment you need to place a bid on Striive. Striive is the largest assignment platform in the Benelux, where more than 20,000 assignments are published every year.