Full-Time (Permanent)
Location: Shah Alam
Job Responsibilities
- Setting up security monitoring tools to receive raw security-relevant data (e.g. login/logoff events, persistent outbound data transfers, firewall allows/denies, etc.). This includes making sure critical cloud and on-premises infrastructure (firewall, database server, file server, domain controller, DNS, email, web, Active Directory, etc.) is sending logs to a log management, log analytics, or SIEM tool.
- Using these tools to find suspicious or malicious activity by analysing alerts; investigating indicators of compromise (IOCs such as file hashes, IP addresses, domains, etc.); reviewing and editing event correlation rules; triaging alerts by determining their criticality and scope of impact; evaluating attribution and adversary details; sharing findings with the threat intelligence SMEs; etc.
- Identifying the capabilities and quality of these log feeds and recommending improvements.
- Researching and developing new threat detection use cases based on threat research findings, threat intelligence, analyst feedback and available log data.
- Performing activities within the content life cycle, including creating new parsers/connectors and use cases; testing, tuning, and retiring content; and maintaining the associated documentation.
- Creating specifications that junior content engineers can use as use case requirements.
- Working with the other security functions and product SMEs to identify gaps in the existing analytical capabilities.
- Developing custom scripts as required to augment default SIEM functionality.
- Participating in root cause analysis of security incidents and providing recommendations for containment and remediation.
- Acting as the liaison to business units to fulfil audit, regulatory compliance, and corporate security policy requirements.
- Creating, implementing, and maintaining novel analytic methods and techniques for incident detection.
Requirements
- Bachelor's Degree in Computer Science/Information Security or a similar discipline is preferred.
- Experience in SIEM content development (Elastic, ArcSight, Splunk, QRadar, McAfee ESM, or a similar SIEM platform).
- Understanding of the various log formats and source data used in SIEM analysis.
- Minimum 5 years of information security experience, preferably in engineering or development.
- 3 years' experience supporting a SIEM platform in a content development role.
- 2 years' experience performing SOC analysis and/or incident response.
- Prior senior-level experience in SIEM content development (Elastic, ArcSight, Splunk, QRadar, McAfee ESM, or a similar SIEM platform).
- Ability to communicate effectively with anyone, from end users to senior leadership, facilitating both technical and non-technical communication.
- Strong incident handling/incident response/security analytics skills.
- Deep understanding of technical concepts, including networking and the various types of cyber-attack.
- Solid background with Windows and Linux platforms (security or system administration).
Personal Attributes
- Willing to travel for customer support related assignments.
- Motivated, independent team player, able to build and maintain good relationships with customers.
- Fluent in oral and written English.
- Possesses good presentation skills.