Threat Detection Engineer

About Us:MUFG Bank, Ltd. is Japan’s premier bank, with a global network spanning in more than 40 markets. Outside of Japan, the bank offers an extensive scope of commercial and investment banking products and services to businesses, governments, and individuals worldwide. MUFG Bank’s parent, Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the world’s leading financial groups. Headquartered in Tokyo and with over 360 years of history, the Group has about 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. The Group aims to be the world’s most trusted financial group through close collaboration among our operating companies and flexibly respond to all the financial needs of our customers, serving society, and fostering shared and sustainable growth for a better world. MUFG’s shares trade on the Tokyo, Nagoya, and New York stock exchanges.MUFG Global Service Private Limited:Established in 2020, MUFG Global Service Private Limited (MGS) is 100% subsidiary of MUFG having offices in Bengaluru and Mumbai. MGS India has been set up as a Global Capability Centre / Centre of Excellence to provide support services across various functions such as IT, KYC/ AML, Credit, Operations etc. to MUFG Bank offices globally. MGS India has plans to significantly ramp-up its growth over the next 18-24 months while servicing MUFG’s global network across Americas, EMEA and Asia Pacific.About the Role:Position Title: SCRAT Engineer Corporate Title: Senior AnalystReporting to: DirectorLocation: Bengaluru Shift Timing: 1:00PM - 10:00 PM IST (Need to be flexible) Job Profile:Roles and Responsibilities:Operate under the SOC function, reporting to the SOC Manager, with responsibility for developing and fine-tuning detection logic and correlation rules in Splunk SIEM and other detection platforms (e.G., Splunk ES, UBA, SOAR)Collaborate actively with the Global Security Content and Response Automation Team (SCRAT) to enhance detection logic and response automationParticipate in daily SOC stand-up calls and provide support for complex query development and troubleshootingOversee the quality and effectiveness of detection logic, continuously reducing false positives and improving alert fidelity through iterative tuning and feedbackWork closely with SOC Engineering to ensure necessary telemetry and event sources are available for effective threat detectionStay up to date with emerging threats and attacker techniques, translating threat intelligence into actionable detection contentMaintain comprehensive documentation for detection logic, including rule rationale, expected behavior, and tuning history.Perform threat coverage gap analysis and mapping using frameworks such as MITRE ATT&CKSupport threat hunting initiatives by developing custom queries, dashboards, and analyticsMentor junior Splunk administrators on data ingestion, parsing, indexing, and troubleshootingParticipate in red/blue/purple team exercises to validate and improve detection effectiveness.Assist in the development of detection-related KPIs and metrics for SOC performance reporting.Job Requirements: - 3–5 years of experience in SOC, threat detection, or security engineering rolesAdvanced proficiency in analyzing security events across both Linux and Windows environments, including log source normalization and enrichmentStrong command of SIEM query languages (e.G., Splunk SPL, KQL, CrowdStrike Query Language), with the ability to write complex queries for threat detection, hunting, and anomaly identificationProficiency in scripting languages such as Python and PowerShell, with experience automating detection logic and integrating with orchestration workflowsDemonstrated expertise in building and maintaining detection content, including correlation searches and risk-based alertingDeep understanding of the MITRE ATT&CK framework and the ability to accurately map detection logic to specific TTPsHands-on experience with the Splunk ecosystem, including Enterprise Security (ES), User Behaviour Analytics (UBA), SOAR, and apps like TrackMeStrong foundational knowledge of cybersecurity principles, threat landscapes, and incident response methodologiesExcellent communication and collaboration skills, with the ability to work effectively across SOC, IR, and global engineering teamsStrong analytical and problem-solving abilitiesSplunk certifications (e.G., Admin, Architect) are a pluEqual Opportunity Employer:The MUFG Group is committed to providing equal employment opportunities to all applicants and employees and does not discriminate on the basis of race, colour, national origin, physical appearance, religion, gender expression, gender identity, sex, age, ancestry, marital status, disability, medical condition, sexual orientation, genetic information, or any other protected status of an individual or that individual's associates or relatives, or any other classification protected by the applicable laws.