We are looking for an experienced Cyber Threat Investigation Specialist to strengthen cybersecurity monitoring, detection engineering, and incident response capabilities across regional operations.
This role will play a key part in designing and enhancing security detection use cases, improving SIEM/SOAR capabilities, supporting SOC operations, and leading security investigation activities based on evolving cyber threats and real-world attack scenarios. The ideal candidate combines strong hands-on expertise in detection engineering, incident response, threat hunting, and security operations with the ability to work effectively across regional and global stakeholders.
A major focus of this role is security use case design and development, leveraging MITRE ATT&CK methodologies, SIEM technologies, and security automation capabilities to improve overall threat detection and incident response effectiveness.
Design, develop, implement, and enhance security detection use cases based on real-world attack scenarios and the MITRE ATT&CK framework
Strengthen cybersecurity detection capabilities across enterprise environments through continuous improvement of detection logic and monitoring strategies
Enhance SIEM and SOAR capabilities to improve threat detection, alert enrichment, automation, and incident response efficiency
Perform threat hunting and proactive security analysis to identify emerging threats, suspicious activities, and detection gaps
Develop and enrich security monitoring content, use cases, correlation rules, and detection models across multiple security layers
Collaborate with security operations teams to improve monitoring coverage and detection effectiveness for enterprise security events
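As an added illustration of what a "detection use case" in this sense looks like (this is example code written for this page, not material from the posting or the employer's own tooling), the block below evaluates a small ATT&CK-tagged correlation rule over constructed log events: a match condition on normalised fields, a threshold inside a sliding time window, and enrichment of the resulting alert with the ATT&CK tactic and technique. The field names (an ECS-like `event.code`, `source.ip`, `user.name`), the rule, and every event are assumptions constructed for the demonstration; the technique ID T1110 (Brute Force, Credential Access) is the real MITRE ATT&CK identifier.

```python
"""Added example (not from the job posting): a minimal ATT&CK-mapped
detection use case run over constructed log events.

Field names follow an ECS-like convention as an assumption; the events,
rule and thresholds are constructed for the demonstration only."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class UseCase:
    name: str
    technique: str      # MITRE ATT&CK technique ID, e.g. T1110
    tactic: str
    severity: str
    threshold: int      # hits required inside the window before firing
    window: timedelta
    group_by: str       # field whose value defines one correlation bucket

    def matches(self, event: dict) -> bool:
        # Windows Security event 4625 = failed logon (assumed field name)
        return event.get("event.code") == "4625"


def evaluate(use_case: UseCase, events: list) -> list:
    """Return one enriched alert per group whose matching events reach
    `threshold` hits within any `window`-long span."""
    buckets = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        if use_case.matches(ev):
            buckets[ev.get(use_case.group_by, "unknown")].append(ev)

    alerts = []
    for key, hits in buckets.items():
        # hits are already time-ordered; look for any run of `threshold`
        # consecutive hits that fits inside the window
        for i in range(len(hits) - use_case.threshold + 1):
            first = hits[i]
            last = hits[i + use_case.threshold - 1]
            if last["@timestamp"] - first["@timestamp"] <= use_case.window:
                alerts.append({
                    "rule": use_case.name,
                    "attack.tactic": use_case.tactic,
                    "attack.technique": use_case.technique,
                    "severity": use_case.severity,
                    use_case.group_by: key,
                    "count": len(hits),
                    "targets": sorted({h["user.name"] for h in hits}),
                    "first_seen": first["@timestamp"].isoformat(),
                    "last_seen": hits[-1]["@timestamp"].isoformat(),
                })
                break  # one alert per bucket is enough for the demo
    return alerts


# Constructed sample events: a burst of failed logons from one source
# (should fire), two slow failures from another (should not), and one
# successful logon (filtered out by the match condition).
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE_EVENTS = [
    {"@timestamp": T0 + timedelta(seconds=s), "event.code": "4625",
     "source.ip": "10.0.0.5", "user.name": "alice" if s % 40 == 0 else "bob"}
    for s in range(0, 120, 20)               # six failures in 100 seconds
] + [
    {"@timestamp": T0, "event.code": "4625",
     "source.ip": "10.0.0.9", "user.name": "carol"},
    {"@timestamp": T0 + timedelta(minutes=10), "event.code": "4625",
     "source.ip": "10.0.0.9", "user.name": "carol"},
    {"@timestamp": T0 + timedelta(seconds=30), "event.code": "4624",
     "source.ip": "10.0.0.5", "user.name": "alice"},
]

BRUTE_FORCE = UseCase(
    name="Multiple failed logons from one source",
    technique="T1110",
    tactic="Credential Access",
    severity="medium",
    threshold=5,
    window=timedelta(minutes=2),
    group_by="source.ip",
)


def demo() -> list:
    """Run the brute-force use case over the constructed events."""
    return evaluate(BRUTE_FORCE, SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The same structure (match condition, correlation threshold, ATT&CK mapping, enrichment fields) is what an ELK or SOAR implementation of the use case would carry; only the query language and the alert schema change.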
Cyber Incident Response & Investigation
Investigate cybersecurity incidents and assess the severity, impact, and scope of security events
Lead and support incident response activities including detection, triage, investigation, containment, remediation, recovery, and reporting
Perform log analysis, event correlation, and forensic investigation activities across enterprise environments
Act as a subject matter expert for security investigations, malware analysis, and detection engineering activities
Identify recurring security issues, operational gaps, and cyber risks, while recommending mitigation plans and process improvements
Support 24/7 SOC operations and collaborate closely with security monitoring teams on critical incidents and escalations
Security Operations & Continuous Improvement
Work closely with regional and global cybersecurity teams to improve operational readiness and incident response effectiveness
Contribute to the continuous improvement of SOC processes, operational playbooks, incident response procedures, and security monitoring frameworks
Support integrated security monitoring and incident handling initiatives across multiple cybersecurity functions
Participate in audit, compliance, governance, and control-related activities to ensure alignment with internal security standards and regulatory requirements
Contribute to cybersecurity reporting, metrics, and operational improvement initiatives across the organization
ABOUT YOU
Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field
7+ years of experience in cybersecurity operations, incident response, or security engineering, with at least 4 years specifically focused on security use case design and development
Strong hands-on experience with SIEM platforms, particularly the ELK stack (Elasticsearch, Logstash, Kibana) used within a cybersecurity operations environment (not limited to observability use cases)
Proven experience in security use case design using MITRE ATT&CK framework, including threat modelling, detection engineering, and detection logic development
Solid understanding of the full incident response lifecycle including detection, triage, investigation, containment, remediation, and reporting
Experience in threat hunting, security event investigation, and log analysis across enterprise environments
Knowledge of Java development for security use case coding and customization within security platforms
Good working knowledge of Linux environments (RedHat/Ubuntu)
Experience with scripting and automation using Python, PowerShell, Bash, or SQL
Strong analytical, troubleshooting, and problem-solving capabilities with the ability to work autonomously in high-pressure environments
Strong stakeholder management and communication skills, with experience collaborating across regional and global security teams
WHY AMARIS?
An international community bringing together 110+ different nationalities
An environment where trust has a central place: 70% of our key leaders started their careers at the first level of responsibilities
A robust training system with our internal Academy and 250+ available modules
A vibrant workplace that frequently gathers for internal events (afterworks, team buildings, etc.)
At Mantu, sustainability is part of everything we do. You’ll have the opportunity to turn your ideas into action and make a tangible impact. Every day, our teams bring our ESG commitments to life, from reducing our footprint to driving positive change within our communities. Through our WeCare Together program, you’ll be empowered to design and lead projects that create real social or environmental impact, with the company’s full support.
HUMAN RESOURCES & MANAGEMENT SYSTEMS CONSULTING ASIA PACIFIC PTE. LTD.
Our organisation is a global HR consulting company dedicated to providing the full spectrum of HR-related services to our clients who range from small-medium enterprises (SME's) to multi-nationals and government agencies.
With 23 years of experience, we have grown our client base steadily with more...