Expoint - all jobs in one place

Finding the best job has never been easier

Limitless High-tech career opportunities - Expoint

SAP Cyber Detection Engineer 
Bulgaria, Burgas 
843342338

04.07.2024

The ideal candidate would have SOC L2/L3 background and the ability to contribute to the triage of the detection backlog.

The candidate should have a good understanding of entities and data models associated with various log types, a bonus for cloud workloads specific logs.

What you'll do

  • Bring your experience or research a certain/new log source/sourcetypes.
  • Understand how to document and differentiate a baseline (normal behavior) vs abnormal/low prevalence/outliers.
  • Identify what information is needed given a log type and TTP. (what fields are relevant, what entities are involved, when and what enrichment is possible)
  • Use your coding, data analytics and investigation skills to write new detection rules, tune existing correlation rules and build response capabilities mapped to MITRE ATT&CK and RE&CT
  • Build automation and detection models to support identification of anomalous activity and response activities to mitigate threats at scale.
  • Identify and consult on thedesignof countermeasures to mitigate threats in our environmen – be able to understand the audit policies and logging level (verbosity) and format of various security tools and select the settings tha enable just-enough-logging for the detection use-cases
  • Coordinating with Security SMEs to build hunting rules and triggers, which focus on adversary activity within the cloud control plane and Linux servers
  • Detection Rule testing and tuning to identify and reduce False-Positive & False-Negative
  • Ensure that all documents, workflows and processes remain accurate and up-to-date

What you'll bring

  • Ideally SOC experience in a datacenter environment (MSP)
  • A good understanding of network security (cloud is a bonus)
  • Experience working with endpoint telemetry/EDR security products preferred
  • Technical proficiency on Linux
  • Experience building dashboards and processes around use-case testing , versioning
  • Security tool integration experience, familiarity with common information and log formats
  • 5+ years of experience in Security including but not limited to: Threat Intel, Threat Detection, Cloud Security and or SOC experience
  • Programming / scripting knowledge for automating day to day tasks – Splunk, Python, SQL, Powershell , bash
  • Research mindset, with a hold on where to look for relevant information pertaining to cloud threats, vulnerabilities and key adversary’s modes of interest.
  • An understanding of CI/CD, versioning tools, Jira/Kanban

Nice to have

  • Familiarity with the Sigma project for security detection rule authoring.
  • Advanced Splunk experience (or other SIEM equivalent)
  • Infrastructure as code experience
  • Knowledge of public cloud resources and control plane threats and vulnerabilities, and how it applies to MITRE ATTACK Framework.
  • Platform knowledge around AWS, GCP and Azure, specifically around security configuration and monitoring.
  • Experience with Threat Intel ingestion and generation
  • Splunk ES certification, GIAC GMON, GCDA, GCTI, GCFE or other relevant certifications or projects experience
  • Experience with BAS tools, commercial or open source.


Job Segment:ERP, Open Source, Cloud, Testing, Network Security, Technology, Security