
Security Detection & SIEM Engineer

Salary: $5,500 - 9,500 monthly

Job Description - Security Detection & SIEM Engineer

Job Summary

We are looking for a Security Detection & SIEM Engineer to support and strengthen the company's security monitoring, threat detection, and log management capabilities. This role is responsible for SIEM platform administration, security event analysis, detection engineering, and platform stability across regional environments.

The ideal candidate should have experience in security monitoring operations, log analysis, behavioral detection, and SIEM platform administration, solid Linux system administration skills, and technical troubleshooting experience.

This role is primarily responsible for an open-source SIEM platform in a production environment. The successful candidate must be able to independently take ownership of Linux system administration, SIEM platform operations, production troubleshooting, and daily operational support with minimal supervision.

Key Responsibilities

Security Monitoring & Event Analysis

  • Perform daily security alert monitoring and analysis, including alert triage, classification, investigation, escalation, and case closure.
  • Support security incident investigation and coordinate with infrastructure and application teams where required.
  • Investigate security events through log analysis and root cause identification.
  • Prepare weekly security monitoring and alert trend reports, including event summaries, detection metrics, and operational observations.

SIEM Platform Administration & Detection Engineering

  • Lead SIEM platform configuration, log onboarding, rule tuning, and detection optimization across servers, applications, and network infrastructure.
  • Define and refine detection logic, including correlation rules, behavioral indicators, and monitoring use cases.
  • Maintain and continuously improve AI-assisted detection and behavioral analysis workflows.
  • Support continuous optimization of detection content and overall operational effectiveness.

Log Management & Platform Operations

  • Deploy and manage log collection agents on Linux, Windows, and network devices to ensure stable and complete log collection.
  • Support integration of OS and application logs for monitoring, correlation, and activity analysis.
  • Ensure the health, log retention, monitoring coverage, and overall reliability of the SIEM platform.
  • Perform Linux system administration, troubleshooting, and production operational support.
  • Perform platform maintenance, upgrades, health checks, and operational improvements.
  • Conduct root cause analysis and resolve production-related platform issues.

Skills & Qualifications

Must Have

  • At least 5 years of experience in SIEM platform administration, security monitoring, detection engineering, or SOC (Security Operations Center) operations.
  • Solid Linux system administration skills.
  • Hands-on experience with open-source SIEM platforms (e.g. Wazuh, ELK Stack, OpenSearch, Graylog).
  • Experience in SIEM platform administration, log onboarding, detection rule tuning, security event investigation, platform troubleshooting, and production environment support.
  • Ability to independently handle day-to-day operation of a production SIEM platform with minimal supervision.

Nice to Have

  • Experience with Splunk, IBM QRadar, Google SecOps, or Microsoft Sentinel.
  • Familiarity with Python, shell scripting, automation, and API integration.

Key Competencies

  • Linux System Administration
  • Open-Source SIEM Platform Administration
  • Security Monitoring & Event Analysis
  • Detection Engineering
  • SIEM Platform Operations
  • Production Troubleshooting
  • Root Cause Analysis
  • Independent Operational Ownership
  • Automation & Scripting
  • Cross-functional Communication

Job Summary

We are seeking a Security Detection & SIEM Engineer to support and enhance the organization's security monitoring, detection, and log management capabilities. This role is responsible for SIEM administration, security event analysis, detection engineering, and platform reliability across regional environments.

The ideal candidate will have hands-on experience in security monitoring operations, log analysis, behavioral detection, SIEM platform management, strong Linux administration skills, and technical troubleshooting capabilities.

This role primarily supports a production Open-Source SIEM environment. The successful candidate is expected to independently manage Linux systems, SIEM platform operations, production troubleshooting, and daily operational support with minimal supervision.

Key Responsibilities

Security Monitoring & Event Analysis

  • Perform daily security alert monitoring and analysis, including alert triage, classification, investigation, escalation, and case closure.
  • Support incident investigation and coordinate with infrastructure and application teams where required.
  • Investigate security events through log analysis and root cause identification.
  • Prepare weekly security monitoring and alert trend reports, including event summaries, detection metrics, and operational observations.

SIEM Administration & Detection Engineering

  • Lead SIEM configuration, log onboarding, rule tuning, and detection optimization across servers, applications, and network infrastructure.
  • Define and refine detection logic, including correlation rules, behavioral indicators, and monitoring use cases.
  • Maintain and improve AI-assisted detection and behavioral analysis workflows.
  • Support continuous improvement of detection content and operational effectiveness.

Log Management & Platform Operations

  • Deploy and manage log collection agents across Linux, Windows, and network devices to ensure stable and complete log coverage.
  • Support integration of OS and application logs for monitoring, correlation, and activity analysis.
  • Ensure platform health, log retention, monitoring coverage, and overall reliability of the SIEM environment.
  • Perform Linux system administration, troubleshooting, and production operational support.
  • Perform platform maintenance, upgrades, health checks, and operational improvements.
  • Conduct root cause analysis and resolve production-related platform issues.

Preferred Skills & Qualifications

Must Have

  • Minimum 5 years of experience in SIEM Administration, Security Monitoring, Detection Engineering or SOC Operations.
  • Strong Linux system administration skills.
  • Hands-on operational experience with Open-Source SIEM platforms (e.g. Wazuh, ELK Stack, OpenSearch, Graylog).
  • Experience in SIEM Administration, Log Onboarding, Detection Rule Tuning, Security Event Investigation, Platform Troubleshooting and Production Environment Support.
  • Ability to independently manage production SIEM operational activities with minimal supervision.

Nice to Have

  • Experience with Splunk, IBM QRadar, Google SecOps or Microsoft Sentinel.
  • Python, Shell scripting, Automation and API Integration.

Key Competencies

  • Linux System Administration
  • Open-Source SIEM Administration
  • Security Monitoring & Incident Analysis
  • Detection Engineering
  • SIEM Platform Operations
  • Production Troubleshooting
  • Root Cause Analysis
  • Independent Operational Ownership
  • Automation & Scripting
  • Cross-functional Communication

Original job Security Detection & SIEM Engineer posted on GrabJobs.