Personal improvement and growth are taken seriously here. The flexibility to work on both proactive and reactive cyber security engagements has greatly expanded my exposure and abilities in serving our clients.
Senior Associate, Detection Engineer, Cyber Managed ServicesManila, Philippines
What makes a successful Cyber Security employee at Kroll? Check out the traits we’re looking for and see if you have the right mix.
- Relationship expertise
- Technologically inquisitive
Kroll offers many career paths to support your immediate and future success.
Intern leads to Associate, Cyber Risk
Associate, Cyber Risk leads to Senior Associate, Cyber Risk
Senior Associate, Cyber Risk leads to Vice President, Cyber Risk
Vice President, Cyber Risk leads to Senior Vice President, Cyber Risk
Senior Vice President, Cyber Risk leads to Associate Managing Director, Cyber Risk
Associate Managing Director, Cyber Risk ends this path
At Kroll Cyber Risk, I find the collaboration and real sense of teamwork very inspiring. Personal egos are not encouraged! Communication with senior management is also straightforward and responsive. An excellent working environment.
Bill AndersonVice President, APAC Cyber Risk, Singapore
Opportunities for new cyber challenges, knowledge, and career growth are plentiful here. Not only is your success supported through regular professional training, the entire global team also contributes to information sharing via collaboration tools and weekly group presentations. We truly work as a global team and no one ever hesitates to step up and help.
David KloppAMD, Cyber Risk, Singapore
At Kroll you have the opportunity to learn different aspects of cyber security allowing you to develop a set of skills beneficial to your career growth and development. Kroll invests in cyber security and each employee can receive sponsorship for cyber training. In addition, they encourage a work life balance allowing you to do different things for yourself and the team.
Rick LiSenior Associate, Cyber Risk, Hong Kong
The Kroll Cyber team has a great culture. Everyone is down to earth and willing to help each other out. There are no big egos to contend with, which makes for a vibrant and collaborative working environment.
One of the significant differences between Kroll Cyber and other places I have worked is how easy it is to work across international teams. There are no bureaucratic processes; all it takes is a quick conversation to organise logistics.
Mark FarleySenior Vice President, EMEA Cyber Risk, London
Working for the group is awesome, from the amazing culture to a diverse range of projects undertaken. The benefits of being in a global team and collaborative knowledge sharing is unparalleled compared to competitors. Everyday can be different, however it typically consists of helping clients improve their cyber security, constant learning and problem solving.
Hassan MahmudAssociate, EMEA Cyber Risk, London
One of the things I appreciate most from being at this company is the feeling of support. Whether that be helping to develop my work product, ensuring I receive sufficient training, or affording me flexibility when life demands it, I always have the sense that Kroll has my back, and that is a valuable thing indeed.
Ben HawkinsSenior Managing Consultant, EMEA Cyber Risk, London
Ongoing training and development opportunities at all levels of the firm through programs such as Kroll, The Promote Program and Network of Women.
As a global firm, our benefits vary by country.
Be part of a flexible and diverse team that encourages and supports your personal and professional growth.
Senior Associate, Detection Engineer, Cyber Managed ServicesJob ID 21009046 Manila, Philippines Apply now
In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate diversity by respecting, including, and valuing one another. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel.
Kroll’s Cyber Risk team works on over 2,000 cases a year, including some of the most complex and highest profile matters in the world. With experts based around the world, supported by ground-breaking technology, we help protect our client’s data, people, operations and reputation with innovative assessments, investigations and intelligence. We are the only company in the world with the expertise and resources to deliver global, end-to-end cyber risk management, supporting organizations through every step of their journey toward cyber resilience.
Clients count on us for quick and expert support in the event of and in preparation against a cyber incident; from incident response to risk assessments, and complex forensics to breach notification and ID theft remediation we help clients – of all sizes – respond with confidence.
At Kroll, your work will help deliver clarity to our clients’ most complex governance, risk, and transparency challenges. Apply now to join One team, One Kroll.
Working within our Security Operations Centre as a Detection Engineer, the focus of this role is the implementation of security monitoring, detection and response technologies across Kroll’s client base. This involves developing, testing and tuning security content across EDR and SIEM technologies.
- Develop, test and tune detections (aka use cases, rules) for the latest threats using leading SIEM and EDR technologies.
- Identify false positives/negatives and tune detections to increase fidelity.
- Understand the threat landscape including new/emerging threats.
- Develop, test and tune parsers to normalise raw logs.
- Handle requests for new detections, determine the security value of those requests and clearly explain your decision to stakeholders.
- Be an SME on audit logging and recommend configurations to customers.
- Improve the computational efficiency of existing content.
- Work with customers to build effective whitelists and blacklists.
- Understand and master data sources across a variety of categories including Windows, Linux, Active Directory, Privileged Access Management, Intrusion Detection/Prevention, Firewalls, Anti-Virus, Endpoint Detection & Response, Cloud Access Security Broking, Network Access Control, Application Control and Productivity Apps.
- Collaborate with key stakeholders across the SOC, Threat Intelligence, Offensive Security, Sales Engineering, Engineering, Project, Product and Sales Teams.
- Create scalable processes through automation.
- Document designs and processes.
- Familiar with prevailing threats and how to mitigate them using EDR or SIEM.
- Understanding of Windows or Linux telemetry.
- Experience writing or tuning detections for EDR or SIEM technologies.
- Familiarity with the Mitre ATT&CK framework.
- Understand security principles and practices.
- Proficient with Regex.
- Proven capability to learn and deliver to a high standard within deadlines.
- Strong organisational skills and an ability to appropriately prioritise tasks.
- Ability to relay complex technical subject matter to non-technical stakeholders.
- Demonstrable analytical and technical aptitude with focus on identifying and alleviating the root cause of a problem.
- Proven ability to thrive and respond to frequent demands of multiple constituents, both internal and external, in a high demand, customer-centric environment.
- SANS/GIAC certifications preferred.
- Written and verbally fluent in English
- Manila, Philippines.
Kroll offers a flexible working, a great benefits package and excellent opportunities for career and personal development.
In order to be considered for a position at Kroll, you must formally apply via careers.kroll.com
Kroll is committed to equal opportunity and diversity, and recruits people based on merit