Senior Specialist Cybersecurity
Summary:
We are looking for a content development engineer or L2-level SOC SIEM engineer with hands-on experience developing new rules and use cases from a range of log sources, including cloud security log sources, and integrating those log sources with a SIEM platform.
Roles and Responsibilities:
- Creating and implementing new threat detection content (rules and use cases) for deployment in the SIEM platform, covering data sets such as Proxy, VPN, Firewall and DLP logs.
- Assisting with process development and improvement for Security Operations, including creation and modification of SOPs, playbooks and work instructions.
- Developing custom content based on threat intelligence and threat hunting results.
- Identifying gaps in the existing security controls and developing/proposing new security controls.
- SIEM engineering, including integrating various log sources with any SIEM platform.
- Custom parsing of logs being ingested into the SIEM platform.
Job Requirements:
- 3+ years of experience in content development, delivering and/or building content on SIEM tools such as Splunk, Arcsight, QRadar or Nitro ESM.
- Deep understanding of the MITRE ATT&CK framework.
- Experience in SOC incident analysis, with exposure to information security technologies such as firewalls, VPN, intrusion detection tools, malware tools, authentication tools, endpoint technologies, EDR and cloud security tools.
- Good understanding of networking concepts.
- Experience interpreting, searching and manipulating data within enterprise logging and operations solutions (e.g. SIEM, IT Service Management (ITSM), workflow and automation tools).
- In-depth knowledge of security log data and the ability to create new content for advanced security threats as required by threat intelligence.
- Ability to identify gaps in the existing security controls.
- Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content.
- Experience with EDR tools such as Crowdstrike and a good understanding of TTPs such as process injection.
- Excellent communication, listening and facilitation skills.
- Ability to demonstrate an investigative mindset.
- Excellent problem-solving skills.
Preferred:
- Understanding of the MITRE ATT&CK framework.
- Demonstrable experience in use case/rule creation on any SIEM platform.
- Experience with Chronicle Backstory, YARA or Crowdstrike rules is a plus.