Experteer

Overview

In this role you will drive the detection and operation of security services through continuous monitoring, coordinating with cross-functional teams to identify anomalies and oversee security operations. You will refine alerts, develop SIEM use cases, and support investigations with deep technical analysis. You will partner with Protect and Respond teams to ensure robust detection capabilities and readiness for crisis scenarios. This role combines hands-on detection work with collaboration across global teams to advance Holcim's security posture.

Responsibilities
- Monitor security deviations across IT services (Public Cloud, MBSS, network) and drive improvements
- Coordinate and enhance endpoint protection (alerts, footprint monitoring, incident escalation)
- Tune alerts and thresholds across IT Security Tools
- Develop SIEM use cases, log management policies, and source monitoring for real-time monitoring and future use
- Assist incident investigations with attacker behavior analysis, telemetry, and log correlation
- Oversee detection services (CTI, threat hunting, leaked credentials, look-alike domains, phishing alerts)
- Support security aspects of business divestments/acquisitions to ensure compliance with Holcim standards
- Analyze and refine existing alerts and detection logic to reduce noise and improve efficiency
- Maintain Holcim's knowledge base to support continuous monitoring and control deployment
- Collaborate with Protect and Respond teams to ensure detection capabilities are understood and ready in case of a breach

Main requirements
- University degree in computer science, engineering, or related field
- At least one cybersecurity certification from ISACA, ISC2, SANS Institute or equivalent
- 5+ years of cybersecurity experience focused on detection engineering, security operations, or threat detection
- Preferred: master's degree in cybersecurity or SOC experience
- Hands-on experience with the Google SecOps SIEM/SOAR platform
- Experience developing detections using SentinelOne EDR/XDR
- Solid understanding of MITRE ATT&CK and attacker techniques
- Experience analyzing endpoint, network, cloud, and identity telemetry
- Experience with AWS and GCP security monitoring methodologies and tools
- Experience with incident handling methodologies
- Knowledge of adversarial behavior, malware basics, and system/network events
- Scripting or programming experience (Python, PowerShell, Bash) for automation/detection development
- High ethical standards, integrity, and ability to handle confidential matters
- Excellent English communication skills, both written and spoken
- Effective in diverse settings and a strong team player, accustomed to global/virtual teams