Senior SOC Analyst (L3) - Detection Lead
JOIN OUR TEAM
At Levi Nine we are passionate about what we do. We love our work and together in a team we are smarter and stronger. We work in a dynamic and challenging environment with talented and forward-thinking people who are part of creative and innovative teams. We are looking for skilled team players who make change happen. Are you one of these players?
OUR PARTNER:
Our partner, ABN AMRO Clearing, is a global leader in the domain of clearing, offering access to a wide range of listed instruments on markets across the globe.
IT is at the heart of their organization with more than 30 different product teams and 10 different platform teams that are trying to build the best products & services for their customers.
Their presence in important financial centers like Amsterdam, Chicago, Sydney, Singapore, Tokyo, Hong Kong, London, Sao Paulo, Frankfurt and Iasi allows them to effectively serve clients worldwide and maintain close proximity to their diverse customer base.
THE ROLE INVOLVES:
As a Senior SOC Analyst (L3) – Detection Lead, you own the Detection Engineering capability within the SOC, with a strong focus on Splunk Enterprise Security.
You play a key role in a SOC build-up phase, establishing a scalable detection foundation from the ground up.
You define detection strategy, ensure high-quality detection coverage aligned with the threat landscape, and guide L2 engineers in building effective detections.
This role bridges detection engineering, threat hunting, and incident response, acting as the technical authority within the SOC.
Responsibilities:
Define and drive the detection strategy and roadmap.
Ensure high-quality, high-fidelity detections in SIEM (Splunk).
Map detection coverage to MITRE ATT&CK and identify gaps.
Mentor L2 detection engineers.
Define detection standards and best practices.
Drive continuous improvement of detection quality and efficiency.
Support complex investigations and threat-driven detection improvements.
Collaborate with the SIEM/platform engineering team to define detection requirements and required data sources, without owning ingestion or platform maintenance.
TECHNICAL PLAYGROUND:
5+ years of experience in cybersecurity with a strong focus on detection engineering / threat hunting / incident response
Strong experience with SIEM platforms (preferably Splunk ES)
Proven ability to define detection strategy and standards
Deep expertise in:
MITRE ATT&CK
Risk-Based Alerting (RBA)
SIGMA rules
Experience with Detection as Code (DaC) and structured detection engineering approaches (e.g., OpenTIDE)
Strong understanding of attacker TTPs and detection mapping
Ability to mentor and guide engineers, raising the overall technical maturity of the team
Strong collaboration skills, especially with platform engineering teams and other security domains
Ability to work at both strategic (what to detect) and tactical (how to detect it) levels
NICE TO HAVE:
Certifications such as the following would be desirable but not mandatory: GCIH, GDAT, GCDA, GISP, OSDA, CCFR, SC-900, SC-200, Splunk
Experience with SOAR, CI/CD, adversary emulation
Experience building SOC capabilities from scratch
A keen interest in cyber security and a desire to learn more and improve the current way of working
Relevant university degree in Computer Science, Engineering, or a related field
SOFT SKILLS:
Fluent English, with good written and verbal communication skills
Strong analytical and strategic thinking
Coaching and mentoring mindset
Ownership and proactive approach
Clear communication across technical and non-technical stakeholders
Desire to continuously learn and improve in a complex, rapidly evolving environment
Locations: Iasi
Remote status: Hybrid
Technologies: Splunk, MITRE, Cybersecurity, SOC
Seniority level: Senior, Tech Lead
About Levi9 Romania
Levi9 is a nearshore technology service provider with around 1000 employees and 50+ customers. We specialize in custom-made business IT – 95% of our work is on the revenue side of our customers. This is where time to market, high productivity, stable team velocity, and great quality through automation, agility, intensive interaction and understanding matter most.