Group Specialist - Threat Detection

KEY ACCOUNTABILITIES

1. Develop and operationalize AI/ML-based threat detection models across endpoint, identity, network, and cloud environments.

2. Operationalise threat intelligence feeds into AI-driven detection pipelines, ensuring alignment with MITRE ATT&CK TTPs.

3. Design, develop, and deploy detection use cases across SIEM and XDR platforms.

4. Build, maintain, and continuously tune detection rules, KQL queries, and analytics for improved detection fidelity.

5. Design and enhance UEBA (User and Entity Behaviour Analytics) models to detect anomalies, insider threats, and advanced persistent threats (APTs).

6. Collaborate with red team and adversary simulation functions to validate detection coverage against real-world attack scenarios.

7. Drive proactive threat hunting by developing automated workflows leveraging AI-assisted query generation and anomaly detection.

8. Continuously evaluate detection effectiveness, reduce false positives, and improve signal-to-noise ratio.

9. Integrate multiple threat intelligence sources and contextual data to enrich detections and improve response outcomes.

10. Contribute to the development of threat detection standards, frameworks, and best practices.

11. Maintain up-to-date knowledge of evolving threats, adversary techniques, and detection technologies to continuously strengthen the organization's cyber defense capabilities.

12. Act as an ambassador for DP World at all times when working promoting and demonstrating positive behaviours in harmony with DP World's Principles, values and culture ensuring the highest level of safety is applied in all activities understanding and following DP World's Code of Conduct and Ethics policies.

13. Perform other related duties as assigned.

QUALIFICATIONS, EXPERIENCE AND SKILLS

Knowledge and Experience

• Bachelor's degree in computer science, Cyber Security, Information Systems, or related field.

• 8+ years of experience in cybersecurity, with a strong focus on threat detection, threat hunting, or detection engineering.

• Hands-on experience with SIEM/XDR platforms, preferably Microsoft Sentinel and Falcon /Cortex/Stellar Cyber/Defender XDR.

• Strong understanding of MITRE ATT&CK framework and adversary tactics, techniques, and procedures (TTPs).

• Experience in developing detection logic, analytics, and threat hunting queries (e.g., KQL).

• Experience in AI/ML applications for cybersecurity, including anomaly detection and behavioural analytics.

• Experience working with threat intelligence platforms and integrating intelligence into detection workflows.

• Familiarity with cloud security (Azure, AWS), endpoint security, and identity-based threat detection.

• Relevant certifications such as GCIA, GCIH, GCED, AZ-500, SC-200, or equivalent are preferred.

• Experience in multinational environments is an advantage.

Soft Skills

• Strong analytical and problem-solving skills.
• Excellent verbal and written communication skills.
• Ability to work in cross-functional teams (SOC, Red Team, Engineering).
• Proactive mindset with strong attention to detail.
• Ability to manage multiple priorities in a fast-paced environment.
• Continuous learning attitude, especially in AI and emerging cyber threats.

Technical Skills

• Proficiency in KQL (Kusto Query Language) and detection rule development.
• Strong understanding of SIEM, XDR, EDR technologies.
• Experience with UEBA and behavioural analytics platforms.
• Hands-on experience of AI/ML concepts applied to cybersecurity (anomaly detection, classification models).
• Understanding of log sources and telemetry across endpoint, network, identity, and cloud.
• Familiarity with scripting languages (Python, PowerShell) for automation and analysis.
• Experience with threat hunting frameworks and automation tools.
• Strong knowledge of cyber threats, attack techniques, and detection strategies.