Expoint - all jobs in one place

SAP Senior Detection Response Engineer 
Bulgaria, Burgas 
55235190

04.07.2024

The ideal candidate has a SOC L2/L3 background and can contribute significantly to the design and implementation of playbooks.

The candidate should have a good understanding of the entities and data models associated with the various log types; familiarity with cloud-workload-specific logs is a bonus.

What you'll do

  • Deploy a new SOAR/hyper-automation tool
  • Collaborate with the SOC and lead playbook creation
  • Understand the problems with existing detection use-cases and identify opportunities to group alerts by entity or other criteria.
  • Use your coding, data-analytics and investigation skills to write new integrations between the SOAR, detection and security tooling, ticketing systems, the CMDB and TI enrichment platforms.
  • Contribute to decisions on what information needs to be enriched and when, and on what is relevant versus less relevant to an L1 triage analyst.
  • Participate in integrating GPT models, prompt engineering, and training ML models for alert triage.
  • Test and tune detection rules to identify and reduce false positives and false negatives.
  • Depending on priority, assist in writing or customising detections after red/purple-teaming engagements.
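As an added illustration of the playbook logic these duties describe (this is example code written for this page, not SAP's code or anything from the posting): a minimal Python pass that groups alerts sharing a host/user entity within a time window, enriches each group from a CMDB and a threat-intel lookup, and assigns a triage priority so an L1 analyst sees one case instead of several raw alerts. The alert schema, CMDB rows, the indicator, the scoring weights and the 30-minute window are all constructed assumptions.

```python
"""Entity-based alert grouping with CMDB/TI enrichment for L1 triage.

Added example, not SAP code: illustrates the playbook logic the posting
describes (group alerts by entity, enrich from CMDB and threat intel).
All alerts, CMDB rows and TI indicators below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts as a SIEM might hand them to a SOAR (hypothetical schema).
ALERTS = [
    {"id": "a1", "rule": "Suspicious PowerShell", "host": "web-01", "user": "svc-deploy",
     "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7", "ts": "2024-07-04T10:00:00"},
    {"id": "a2", "rule": "Outbound to rare IP", "host": "web-01", "user": "svc-deploy",
     "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7", "ts": "2024-07-04T10:03:00"},
    {"id": "a3", "rule": "Failed logons burst", "host": "db-02", "user": "alice",
     "src_ip": "10.0.1.9", "dst_ip": "10.0.1.20", "ts": "2024-07-04T10:05:00"},
    {"id": "a4", "rule": "Suspicious PowerShell", "host": "web-01", "user": "svc-deploy",
     "src_ip": "10.0.0.5", "dst_ip": "198.51.100.2", "ts": "2024-07-04T11:30:00"},
]

# Constructed CMDB and threat-intel lookups standing in for real enrichment APIs.
CMDB = {
    "web-01": {"owner": "platform-team", "exposure": "internet", "criticality": "high"},
    "db-02": {"owner": "data-team", "exposure": "internal", "criticality": "high"},
}
TI_BAD_IPS = {"203.0.113.7": "known-c2"}  # TEST-NET-3 address, constructed indicator


def group_by_entity(alerts, window=timedelta(minutes=30)):
    """Group alerts sharing host and user that fall within `window` of the group's first alert.

    Returns a list of groups (each a list of alert dicts) ordered by first timestamp.
    """
    by_key = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_key[(a["host"], a["user"])].append(a)
    groups = []
    for key_alerts in by_key.values():
        current = [key_alerts[0]]
        start = datetime.fromisoformat(key_alerts[0]["ts"])
        for a in key_alerts[1:]:
            if datetime.fromisoformat(a["ts"]) - start <= window:
                current.append(a)
            else:
                groups.append(current)      # window expired: close the group, start a new one
                current = [a]
                start = datetime.fromisoformat(a["ts"])
        groups.append(current)
    return sorted(groups, key=lambda g: g[0]["ts"])


def enrich(group):
    """Attach what an L1 analyst needs first: asset context and any TI hit on destinations."""
    host = group[0]["host"]
    asset = CMDB.get(host, {"owner": "unknown", "exposure": "unknown", "criticality": "unknown"})
    ti_hits = {a["dst_ip"]: TI_BAD_IPS[a["dst_ip"]] for a in group if a["dst_ip"] in TI_BAD_IPS}
    return {
        "host": host,
        "user": group[0]["user"],
        "alert_ids": [a["id"] for a in group],
        "rules": sorted({a["rule"] for a in group}),
        "asset": asset,
        "ti_hits": ti_hits,
    }


def priority(case):
    """Explicit additive scoring so tuning decisions stay auditable (hypothetical weights)."""
    score = 0
    score += 3 if case["ti_hits"] else 0                      # destination matches a TI indicator
    score += 2 if case["asset"]["exposure"] == "internet" else 0
    score += 1 if case["asset"]["criticality"] == "high" else 0
    score += 1 if len(case["rules"]) > 1 else 0               # several distinct detections on one entity
    return "P1" if score >= 5 else "P2" if score >= 3 else "P3"


def build_cases(alerts=ALERTS):
    """Full pipeline: group -> enrich -> prioritise; one case per entity group."""
    cases = [enrich(g) for g in group_by_entity(alerts)]
    for c in cases:
        c["priority"] = priority(c)
    return cases


if __name__ == "__main__":
    for c in build_cases():
        print(c["priority"], c["host"], c["user"], c["alert_ids"], c["rules"], c["ti_hits"])
```

With the constructed input, the two web-01 alerts three minutes apart collapse into one P1 case (internet-exposed asset, known-bad destination, two distinct rules), the later web-01 alert falls outside the window and becomes its own P2 case, and the db-02 logon burst stays a P3 on its own. In a real SOAR the CMDB and TI dictionaries would be replaced by connector calls, and the weights would be tuned against false-positive and false-negative review data.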

What you'll bring

  • Ideally SOC experience in a datacenter environment (MSP)
  • A good understanding of network security (cloud is a bonus)
  • Python skills (data modelling and ML are a bonus)
  • Experience writing API connectors and tool plugins
  • Technical proficiency on Linux
  • Experience building dashboards and processes around use-case testing and versioning
  • Security tool integration experience and familiarity with common information and log formats
  • 5+ years of experience in security, including but not limited to threat intel, threat detection, cloud security and/or SOC experience, and automation
  • A research mindset, with a sense of where to look for relevant information on cloud threats, vulnerabilities and the key adversaries' modes of operation
  • An understanding of CI/CD, version-control tools, and Jira/Kanban

Nice to have

  • Advanced Splunk/Phantom (Splunk SOAR) experience, or an equivalent SIEM/SOAR
  • Infrastructure-as-code experience
  • Knowledge of public cloud resources and control-plane threats and vulnerabilities, and how they map to the MITRE ATT&CK framework
  • Platform knowledge of AWS, GCP and Azure, specifically around security configuration and monitoring
  • Experience with threat intel ingestion and generation
  • Splunk ES certification, GIAC GMON, GCDA, GCTI, GCFE or other relevant certifications or project experience
  • Experience with breach and attack simulation (BAS) tools, commercial or open source