SalaryPeak

Cyber Security Engineer (4HC / 6 month contract)

PERSOL SINGAPORE PTE. LTD.
Singapore • 3+ years • Posted Mar 24, 2026

Salary Range

SGD 60,000 - SGD 96,000 /year

SGD 5,000 - SGD 8,000/month

Skills Required

Security Compliance, IAM, Data Pipeline, Identity Management, Threat Assessment, requirements from stakeholders, Parsing, Logging, Threat Intelligence and Detection, Field Mapping, SOC, Validation and Verification, data requirements

Job Description

We are seeking an experienced Cyber Log Management & SIEM Engineer (Contract) to support our cybersecurity operations team. The ideal candidate will have strong hands-on experience in log management, SIEM administration, Cribl data pipeline handling, and security data lake integration, alongside a solid understanding of Identity and Access Management (IAM) principles within the Authentication, Authorization, and Accounting (AAA) framework.

This role involves reviewing and mapping log event requirements, onboarding new log sources into SIEM, analysing data field mappings, liaising with system owners, and troubleshooting log data issues to maintain high-quality visibility across security monitoring systems.


Key Responsibilities

  • Develop and refine detection logic for identity threats within SIEM, UEBA, or XDR platforms using MITRE ATT&CK and ATT&CK for Identity frameworks.

  • Collaborate with application teams and log source platform owners to review custom application logs, assess compatibility for security monitoring, and facilitate their onboarding into SIEM platforms and data lakes.

  • Define log parsing, normalization, and enrichment requirements to ensure high-fidelity data onboarding for developing new use cases and threat detection content.

  • Work closely with IAM, SOC, and Threat Intelligence teams to integrate behavioral analytics and intelligence-driven detection methods.

  • Perform log source onboarding to SIEM, including parsing, data field mapping, and validation.

  • Work with stakeholders to identify and document log event requirements based on use cases and detection needs.

  • Design and implement log ingestion pipelines using Cribl for data transformation, enrichment, and routing to SIEM and the data lake.

  • Conduct regular log reviews to ensure completeness, accuracy, and compliance with cybersecurity monitoring coverage requirements.

  • Collaborate with infrastructure and application teams to resolve log transmission and formatting issues.

  • Maintain and update log source onboarding documentation, data dictionaries, and parsing logic.

  • Support and advise on AAA monitoring (Authentication, Authorization, and Accounting) for identity systems such as Active Directory, PAM, and SSO.

  • Participate in troubleshooting and triage for log collection or ingestion incidents affecting visibility or detections.

  • Work closely with SOC analysts, threat detection engineers, and platform engineers to ensure high-quality log data and detection fidelity.

  • Continuously enhance log visibility, hunting processes, and automation pipelines in alignment with DBS’s Cyber Defence and Data Governance Frameworks.


Required Skills and Experience

  • 3–6 years of hands-on experience in cyber log management, SIEM operations, or security data engineering.

  • Proficient in SIEM (log parsing, DSM configuration, rule tuning, AQL queries).

  • Experience with Cribl Stream or equivalent data pipeline tools.

  • Familiarity with data lake architectures and security data integration concepts (e.g., Splunk Data Lake, AWS S3-based security data stores).

  • Strong grasp of Identity Access Monitoring and AAA frameworks, particularly around authentication and authorization logs.

  • Demonstrated experience in log data standardization and field mapping (e.g., CEF, JSON, syslog formats).

  • Working knowledge of Linux, network protocols, and syslog mechanisms.

  • Practical experience working with custom log sources, data normalization (CEF, JSON, Syslog), and event schema mapping.

  • Excellent analytical and communication skills for liaising across technical and operations teams.

  • Strong collaborator across technology and business domains, with excellent written and verbal communication skills.

  • Experience with SIEM correlation rules and detection use cases.

  • Familiarity with Cribl Edge deployment or streaming telemetry pipelines.

  • Understanding of MITRE ATT&CK coverage mapping through log data.

  • Relevant certifications such as IBM QRadar Certified Specialist, Splunk Core Certified Power User, or CompTIA Security+ / GIAC GCIA.


Interested candidates may apply through the application system. We regret to inform you that only shortlisted candidates will be notified.

By sending us your personal data and curriculum vitae (CV), you are deemed to consent to PERSOL Singapore Pte Ltd and its affiliates to collect, use and disclose your personal data for the purposes set out in the Privacy Policy available at https://www.persolsingapore.com/policies. You acknowledge that you have read, understood, and agree with the Privacy Policy.

PERSOL Singapore Pte Ltd • RCB No. 200007268E • EA License No. 01C4394 • EA Registration No. R1877971 (Derrick Tiew Yong Han)