Security Detection & SIEM Engineer

Key Responsibilities

• Lead SIEM configuration, rule tuning, and onboarding of logs from servers, applications, and network infrastructure.

• Perform daily security alert monitoring and analysis, including alert triage, classification, investigation, escalation, and case closure.

• Prepare weekly security monitoring and alert trend reports, including event summaries, detection metrics, and operational observations.

• Deploy and manage log collection agents across Linux, Windows, and network infrastructure, ensuring stable log coverage and platform reliability.

• Maintain and enhance AI-assisted detection and behavioral analysis workflows, including alert flow stability and detection optimization.

• Define and refine detection logic, including rules, correlation patterns, and behavioral indicators.

• Support integration of OS and application logs for monitoring, correlation, and activity analysis.

• Manage dashboards, alert metrics, and reporting to provide visibility into security posture and monitoring operations.

• Support incident investigation and coordinate with infrastructure and application teams where required.

• Ensure platform health, log retention, monitoring coverage, and overall reliability of the SIEM environment.

Preferred Skills & Qualifications

• Bachelor’s Degree in Information Security, Cybersecurity, Computer Science, or related field.

• Minimum 5 years of experience in SIEM administration, security monitoring, or detection engineering.

• Hands-on experience with SIEM, log management, or security monitoring platforms.

• Strong knowledge of Linux and Windows systems administration and security log analysis.

• Experience with Python, Shell scripting, or automation tools for log processing and workflow optimization.

• Familiarity with security event correlation, behavioral analysis, and detection engineering concepts.

• Exposure to API integration, middleware, or AI-assisted analysis solutions is an advantage.

• Strong analytical, troubleshooting, and problem-solving skills with attention to detail.

• Ability to communicate effectively in English

• Fluency in spoken and written Chinese is essential, as the role requires frequent liaison with Chinese-speaking counterparts and stakeholders, and the preparation, review and handling of Chinese-language work materials.


主要職責

資安監控與事件分析

• 執行日常資安警示監控與分析，包括警示分流、分類、調查、升級處理及案件結案
• 支援資安事件調查，並在需要時與基礎架構及應用程式團隊協作
• 準備每週資安監控與警示趨勢報告，包括事件摘要、偵測指標及營運觀察

SIEM 管理與偵測工程

• 主導 SIEM 設定、日誌導入、規則調校及偵測優化，涵蓋伺服器、應用程式及網路基礎架構
• 定義並優化偵測邏輯，包括關聯規則、行為指標及監控使用情境
• 維護並改善 AI 輔助偵測及行為分析工作流程

日誌管理與平台營運

• 在 Linux、Windows 及網路設備上部署並管理日誌收集代理程式，確保穩定且完整的日誌覆蓋範圍
• 支援作業系統與應用程式日誌整合，用於監控、關聯分析及活動分析
• 確保 SIEM 環境的平台健康狀態、日誌保存、監控覆蓋率及整體可靠性

儀表板與報告

• 管理儀表板、警示指標及報告，提升組織資安狀態的可視性
• 支援營運報告及資安監控績效檢討

流程改善與自動化

• 透過腳本與系統整合，推動資安監控自動化及工作流程改善
• 參與資安平台強化與營運優化專案

理想條件

• 資訊安全、網路安全、電腦科學或相關領域學士學位
• 至少 5 年 SIEM 管理、資安監控或偵測工程相關經驗
• 具備 SIEM 或日誌平台實務經驗，例如 ELK、Wazuh、Splunk、Graylog、QRadar 或相關技術
• 熟悉 Linux 與 Windows 系統管理及資安日誌分析
• 具備 Python、Shell Scripting 或自動化工具經驗，可應用於日誌處理與工作流程優化
• 熟悉資安事件關聯分析、行為分析及偵測工程相關概念
• 具備 API 整合、中介軟體或 AI 輔助分析解決方案經驗者佳
• 具備良好的分析、故障排除與問題解決能力，並注重細節
• 能以英文進行有效溝通；具普通話能力者佳，有助於與區域利害關係人協作
• 須具備流利的中文聽說讀寫能力，因本職位需經常與中文溝通之合作方及持份者聯繫，並需撰寫、審閱及處理中文工作文件

核心能力

• 資安監控與事件分析
• SIEM 管理
• 偵測工程
• 日誌管理與關聯分析
• 自動化與腳本撰寫
• 分析思維
• 問題解決能力
• 跨部門溝通與協作能力

對資安偵測、SIEM 平台管理及資安監控營運有豐富經驗，並希望參與區域型資安平台優化與威脅偵測工作的專業人士，歡迎與我們聯繫了解更多。

Lumina Advisory & Global Search Pte Ltd | 25C3262

Joyce Yeo | R1218489