Craft, own, and enhance default rules for our SIEM platform, ensuring robust detection across various data sources and timeframes.
Develop and implement SOAR workflows to automate incident response tasks.
Document SIEM configurations, detection rules, and incident response procedures.
Conduct thorough false positive analysis and contribute to the continuous improvement of our detection capabilities.
Design and manage sophisticated security detection systems to pinpoint threats and malicious activities.
Refine detection rules and algorithms to minimize false positives and ensure timely threat detection.
Analyse security logs, alerts, and outputs from diverse sources to interpret potential security incidents.
Validate and investigate security incidents, employing a range of tools and methods.
Work in tandem with the incident response team to assist in analysing and containing incidents.
Stay updated on emerging cybersecurity threats and trends to maintain cutting-edge detection strategies.
Regularly reassess and refine the company's security policies and protocols related to detection.
Offer technical expertise and training to team members and stakeholders on detection tools and best practices.
Lead the development of automated processes for detecting and mitigating security events.
Document findings comprehensively, maintaining essential technical documentation.
Experience and Knowledge:
Proficient in writing behavioural detection rules for SIEM, WAF, or similar platforms; familiarity with YARA or static detections is advantageous.
Knowledge of the MITRE ATT&CK Matrix and experience in building detections within this framework.
Skilled in scripting and programming languages, particularly Python, and proficient in writing regular expressions (regex).
Understanding of Detection Engineering processes, including backlog prioritization and writing tests for detection rules.
Experience in creating and managing detections for cybersecurity products, and working in a SOC or similar environment is beneficial.
Strong analytical skills with a focus on false positive analysis.
Comprehensive knowledge of cybersecurity frameworks, threat intelligence, and industry best practices.
Exceptional communication and teamwork capabilities.
Qualifications:
Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience (10 to 14 years).
Demonstrated expertise in security monitoring, threat hunting, and incident response.
In-depth knowledge of network protocols, operating systems, and secure architectures.
Experience with various security technologies, including SIEM, IDS/IPS, and firewalls.
Proficiency in scripting or programming languages is a plus.
Familiarity with compliance and regulatory frameworks such as GDPR, HIPAA, NIST, or ISO is advantageous.
Professional certifications like CISSP, GCIH, Splunk Certifications (SIEM & SOAR), ATT&CK Threat Hunting and Detection Engineering Certification, GIAC Certified Detection Analyst (GCDA), GIAC Cloud Threat Detection (GCTD) or equivalent are highly desirable.
Strong abilities in communication and collaboration.