SIEM Content Developer / Security Analytics Content Developer
Job Description
Responsibilities:
• Researching and developing new threat detection use cases based on intelligence and research into emerging threats
• Management and development of security analytics and correlation rules
• Work alongside incident response analysts to improve the detection time and response for security incidents
• Design dashboards to capture metrics from the SOC
• Generate appropriate alerting within SIEM to trigger investigations
• Collaborate with the platform team on the normalization of incoming log sources and events
• Participate in Incident Response activities
• Research and implement new analytics and playbooks that can be used within the SOC/IR teams
• Develop playbooks and automation in SOAR to accelerate IR activities (desirable)
• Security automation, log analysis, continuous monitoring and managing a SIEM
• Deploy automation throughout the security response organization to improve the overall operational effectiveness
• Work alongside our SOC and IR analysts and threat hunting analysts to design response actions to newly created detection rules
Required Skills & Qualifications
• Passionate interest in cyber security
• Bachelor's Degree in Computer Science, Engineering, or related discipline; or equivalent combination of work experience and certifications
• Solid experience with Splunk Search Processing Language (SPL)
• Familiarity with standard security frameworks including MITRE ATT&CK and the Cyber Kill Chain
• Strong interpersonal skills, both written and oral, and the ability to communicate complex ideas to all levels of the business
• Experience working within a Security Operation Centre (SOC)
• Experience in SIEM content development and tuning alerts
• Working knowledge of Linux administration
• Good understanding of network and security log sources, and log normalization
• Supporting incident response with analysis of data
Desired Job Skills
• Experience with Splunk Enterprise and Enterprise Security (ES), or another SIEM platform
• Hands-on experience with multiple programming/scripting languages, including Python and Bash
• Previous experience with resilient streaming technologies such as Apache Kafka and Apache NiFi
• Experience with multiple cloud technologies and security appliances
• Good understanding of Splunk
• Awareness of networking protocols and technologies
• Good understanding of HTTP, REST APIs, JSON and syslog data format
• Writing security tool FAQs and support documentation
• Hands-on experience with SOAR
• Experience creating playbooks to respond to security incidents
Rate range: $45-$50
Date Posted
11/15/2023