SAP Senior Detection Response Engineer 

Bulgaria, Burgas 

55235190

The ideal candidate would have SOC L2/L3 background and the ability to significantly contribute to the design and implementation of playbooks

The candidate should have a good understanding of entities and data models associated with various log types, a bonus for cloud workloads specific logs.

What you'll do

• Deploy a new SOAR/hyper-automation tool
• Collaborate with the SOC and lead playbook creation
• Understand problems with detection use-cases and identify opportunities to group alerts based on entities or other criteria.
• Use your coding, data analytics and investigation skills to write new integrations between SOAR, detection and security tooling, ticketing systems, CMDB, TI enrichment platforms
• Contribute to decision-making into what information needs to be enriched and when, what is relevant and less-relevant for a L1 triage analyst
• Participate in the integration with GPT models and prompting and training ML models for alert triage.
• Detection Rule testing and tuning to identify and reduce False-Positive & False-Negative
• Depending on priority, assist in writing/customizing detections after red/purple teaming engaments.

What you'll bring

• Ideally SOC experience in a datacenter environment (MSP)
• A good understanding of network security (cloud is a bonus)
• Python skills. (data modelling, ML is a bonus)
• Experience writing API connectors and tool plugins.
• Technical proficiency on Linux
• Experience building dashboards and processes around use-case testing , versioning
• Security tool integration experience, familiarity with common information and log formats
• 5+ years of experience in Security including but not limited to: Threat Intel, Threat Detection, Cloud Security and or SOC experience, Automation
• Research mindset, with a hold on where to look for relevant information pertaining to cloud threats, vulnerabilities and key adversary’s modes of interest.
• An understanding of CI/CD, versioning tools, Jira/Kanban

Nice to have

• Advanced Splunk/Phantom experience (or other SIEM/SOAR equivalent)
• Infrastructure as code experience
• Knowledge of public cloud resources and control plane threats and vulnerabilities, and how it applies to MITRE ATTACK Framework.
• Platform knowledge around AWS, GCP and Azure, specifically around security configuration and monitoring.
• Experience with Threat Intel ingestion and generation
• Splunk ES certification, GIAC GMON, GCDA, GCTI, GCFE or other relevant certifications or projects experience
• Experience with BAS tools, commercial or open source.