Senior Cyber Detection Engineer

Maersk

Cape Town

On-site

ZAR 800,000 - 1,200,000

Full time

15 days ago

Job summary

Join a leading global logistics company as a Senior Cyber Detect Engineer. This pivotal role involves leading the Detection Engineering team to enhance cybersecurity measures by implementing automation and analyzing security threats. You'll be part of a transformative journey at Maersk, where your expertise will contribute to setting new standards in cybersecurity.

Benefits

Hybrid working options
Access to world-class learning programs
Diverse and inclusive culture

Qualifications

  • Strong knowledge of TTPs (MITRE ATT&CK) and security data sources.
  • Hands-on experience with detection-as-code and version control systems.
  • Ability to lead detection-focused initiatives.

Responsibilities

  • Monitor networks and applications for security breaches.
  • Develop threat detection mechanisms across multiple platforms.
  • Collaborate with incident response teams for investigation.

Skills

Threat detection
Data analysis
Scripting
Automation
Incident response

Education

Information Security degree or equivalent

Tools

SIEM tools (e.g., Azure Sentinel, CrowdStrike NGSIEM)
KQL, SQL, Python

Job description

About us

A.P. Moller - Maersk is a global logistics company whose purpose is “Improving life for all by integrating the world”. We are embarking on an industry-defining transformation, on a bold new direction, expanding our capabilities to become a true end-to-end logistics provider that can deliver intelligent solutions for customers around the world. It’s a big moment for all of us – and we all have our part to play.

What we offer

To work at Maersk is to work with the world. You’ll learn from – and collaborate with – skilled professionals who literally move the world, every day. With a supportive environment to develop your skills, you’ll gain access to world-class learning programmes to accelerate your career goals. And you’ll find yourself welcome in our diverse and inclusive culture, where you are valued for who you are and rewarded for what you bring. For this and many other of our roles, we can offer the flexibility of hybrid working, alongside industry leading benefits.

About the role

Are you ready to be part of something transformational at Maersk and join a team that’s setting a new standard in cybersecurity?

The Senior Cyber Detect Engineer will help lead the Detection Engineering team to identify potential security threats and automate the processes that both detect and alert the resolver or response teams to these threats. The role typically involves a combination of monitoring, analysis, and the implementation of automated systems to enhance the efficiency and effectiveness of an organization’s cybersecurity measures.

What you'll be doing

  • Threat Detection:
    • Monitoring: Review networks, systems, and applications via the logs/data received for signs of security breaches or unusual activities/trends.
    • Develop and implement threat detection mechanisms across multiple platforms, including SIEM, EDR, XDR, and Deception tooling.
    • Regularly test and validate detection logic and triggers to ensure accuracy and reliability.
    • Analysis: Analyse security alerts and logs to identify potential threats and vulnerabilities to build out use cases and playbooks and to reduce the manual effort of investigating them.
    • Incident Response: Collaborate with incident response teams to investigate and mitigate security incidents.
  • Automation:
    • Scripting and Tools Development: Develop and implement scripts and tools to automate repetitive tasks related to threat detection and incident response.
    • Integration: Integrate security tools and platforms (like SIEMs, IDS/IPS, firewalls) to streamline detection and response workflows.
    • Playbooks: Create and maintain automated response playbooks to standardize and accelerate incident handling processes.
  • Detect Service Operations:
    • Rule Tuning: Continuously fine-tune detection rules and signatures to reduce false positives and enhance detection accuracy.
    • Threat Intelligence: Utilize threat intelligence feeds to stay updated on emerging threats and adapt detection mechanisms accordingly.
    • Help manage and maintain detections from the EDR platform to ensure aggregation and automation are driven via XDR.
    • Testing: Ensure that simulations and testing against all detections are done quarterly so that all are still fit for purpose.

To succeed in this role, we believe that you can offer

  • Strong knowledge of threat detection, TTPs (MITRE ATT&CK), and security data sources (e.g., Windows Event Logs, DNS, Proxy, EDR, Network Traffic).
  • Advanced data analysis skills using tools such as KQL (Kusto), SQL, CQL, Python, Power BI, or similar for identifying trends and outliers in large datasets.
  • Hands-on experience with one or more SIEM platforms (e.g., Azure Sentinel, CrowdStrike NGSIEM).
  • Experience with detection-as-code, version control systems (e.g., Git), and CI/CD pipelines is desirable.
  • Familiarity with log management and data pipeline tools (e.g., Cribl, Logstash, Fluentd) is a plus.
  • Ability to work independently and lead detection-focused initiatives across teams and stakeholders.
  • Strong understanding of cyber threat landscapes, risk-based detection approaches, and correlation rule development.
  • Threat Analysis: Ability to analyse complex security data and logs to identify patterns indicative of security threats.

Maersk is committed to a diverse and inclusive workplace, and we embrace different styles of thinking. Maersk is an equal opportunities employer and welcomes applicants without regard to race, colour, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability, medical condition, pregnancy or parental leave, veteran status, gender identity, genetic information, or any other characteristic protected by applicable law. We will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.

We are happy to support your need for any adjustments during the application and hiring process. If you need special assistance or an accommodation to use our website, apply for a position, or to perform a job, please contact us by emailing accommodationrequests@maersk.com.
