The ideal candidate would have SOC L2/L3 background and the ability to contribute to the triage of the detection backlog.
The candidate should have a good understanding of the entities and data models associated with various log types; familiarity with cloud workload-specific logs is a bonus.
What you'll do
- Bring existing experience with, or research, new log sources and sourcetypes.
- Document a baseline (normal behavior) for a log source and differentiate it from abnormal, low-prevalence and outlier activity.
- Identify what information is needed for a given log type and TTP: which fields are relevant, which entities are involved, and when and what enrichment is possible.
- Use your coding, data analytics and investigation skills to write new detection rules, tune existing correlation rules and build response capabilities mapped to MITRE ATT&CK and RE&CT.
- Build automation and detection models that support identification of anomalous activity and response actions to mitigate threats at scale.
- Identify and consult on the design of countermeasures to mitigate threats in our environment: understand the audit policies, logging level (verbosity) and format of various security tools, and select the settings that enable just-enough logging for the detection use-cases.
- Coordinate with security SMEs to build hunting rules and triggers that focus on adversary activity within the cloud control plane and on Linux servers.
- Test and tune detection rules to identify and reduce false positives and false negatives.
- Ensure that all documents, workflows and processes remain accurate and up-to-date
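The baselining, field-selection and ATT&CK-mapping work described in the bullets above, as an added example rather than code from the posting or the hiring team. It assumes CloudTrail-style field names (userIdentity.arn, eventName, sourceIPAddress); the principals, IPs, the training and detection windows and the API-to-technique map are constructed sample data chosen for illustration. A training window establishes what each principal normally does and from where; the detection pass then flags (principal, API) pairs rarer than a threshold and first-seen source IPs, and tags the finding with an ATT&CK technique where the API maps to one.

```python
"""Baseline-vs-outlier detection over constructed cloud control-plane events.

Added example (not from the job posting): builds a per-principal baseline from a
training window of CloudTrail-style records, then flags low-prevalence
(principal, API) pairs and first-seen source IPs in a detection window, tagging
each finding with a MITRE ATT&CK technique where the API maps to one.
"""
from collections import Counter, defaultdict


def make_event(principal, event_name, src_ip):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {
        "userIdentity": {"arn": principal},
        "eventName": event_name,
        "sourceIPAddress": src_ip,
    }


# Hypothetical principals (constructed; not real accounts).
ALICE = "arn:aws:iam::123456789012:user/alice"
BOB = "arn:aws:iam::123456789012:user/bob"

# Training window: what "normal" looks like for each principal (constructed).
BASELINE_EVENTS = (
    [make_event(ALICE, "DescribeInstances", "10.0.0.5")] * 5
    + [make_event(ALICE, "ConsoleLogin", "10.0.0.5")] * 3
    + [make_event(BOB, "ListBuckets", "10.0.0.7")] * 4
    + [make_event(BOB, "ConsoleLogin", "10.0.0.7")] * 2
)

# Detection window: mostly normal, with a few deviations mixed in (constructed).
DETECTION_EVENTS = [
    make_event(ALICE, "DescribeInstances", "10.0.0.5"),
    make_event(ALICE, "CreateAccessKey", "10.0.0.5"),
    make_event(BOB, "ConsoleLogin", "203.0.113.9"),
    make_event(BOB, "StopLogging", "203.0.113.9"),
    make_event(ALICE, "ConsoleLogin", "10.0.0.5"),
]

# APIs worth mapping to ATT&CK when they fall outside the baseline
# (a small illustrative subset, not a complete mapping).
ATTACK_MAP = {
    "CreateAccessKey": ("T1098.001", "Account Manipulation: Additional Cloud Credentials"),
    "ConsoleLogin": ("T1078.004", "Valid Accounts: Cloud Accounts"),
    "StopLogging": ("T1562.008", "Impair Defenses: Disable or Modify Cloud Logs"),
}


def extract_fields(rec):
    """Pull only the fields this use-case needs: who, what API, from where."""
    return {
        "principal": rec["userIdentity"]["arn"],
        "event": rec["eventName"],
        "src_ip": rec["sourceIPAddress"],
    }


def build_baseline(events):
    """Count (principal, API) pairs and record the source IPs seen per principal."""
    pairs = Counter()
    ips = defaultdict(set)
    for e in map(extract_fields, events):
        pairs[(e["principal"], e["event"])] += 1
        ips[e["principal"]].add(e["src_ip"])
    return {"pairs": pairs, "ips": ips}


def document_baseline(baseline):
    """Human-readable baseline summary: per principal, the APIs and IPs seen."""
    summary = defaultdict(lambda: {"apis": set(), "ips": set()})
    for (principal, api), _count in baseline["pairs"].items():
        summary[principal]["apis"].add(api)
    for principal, ipset in baseline["ips"].items():
        summary[principal]["ips"] |= ipset
    return {p: {"apis": sorted(v["apis"]), "ips": sorted(v["ips"])} for p, v in summary.items()}


def detect(baseline, events, min_seen=2):
    """Flag events whose (principal, API) pair occurs fewer than min_seen times in
    the baseline, or whose source IP is new for that principal."""
    findings = []
    for rec in events:
        e = extract_fields(rec)
        reasons = []
        # Counter returns 0 for unseen pairs without inserting a key.
        if baseline["pairs"][(e["principal"], e["event"])] < min_seen:
            reasons.append("low-prevalence API for principal")
        if e["src_ip"] not in baseline["ips"].get(e["principal"], set()):
            reasons.append("new source IP for principal")
        if not reasons:
            continue
        technique, name = ATTACK_MAP.get(e["event"], (None, "unmapped"))
        findings.append({**e, "reasons": reasons, "technique": technique, "technique_name": name})
    return findings


if __name__ == "__main__":
    base = build_baseline(BASELINE_EVENTS)
    for principal, seen in document_baseline(base).items():
        print(principal, seen)
    for f in detect(base, DETECTION_EVENTS):
        print(f["technique"], f["principal"], f["event"], f["src_ip"], f["reasons"])
```

Raising min_seen trades false negatives for false positives: at min_seen=3 bob's ConsoleLogin (seen twice in training) is flagged as low-prevalence as well as from a new IP, which is the kind of threshold tuning the posting describes. In a real pipeline the baseline would be rebuilt on a rolling window and enriched (ASN, MFA state, role chaining) before the prevalence check, and unmapped APIs would still surface for triage rather than being dropped.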
What you'll bring
- Ideally SOC experience in a datacenter environment (MSP)
- A good understanding of network security (cloud is a bonus)
- Experience working with endpoint telemetry/EDR security products preferred
- Technical proficiency on Linux
- Experience building dashboards and processes around use-case testing and versioning
- Security tool integration experience, familiarity with common information and log formats
- 5+ years of experience in Security including but not limited to: Threat Intel, Threat Detection, Cloud Security and or SOC experience
- Programming/scripting knowledge for automating day-to-day tasks: Splunk SPL, Python, SQL, PowerShell, Bash
- Research mindset, knowing where to look for relevant information on cloud threats, vulnerabilities and the modes of operation of key adversaries
- An understanding of CI/CD, versioning tools, Jira/Kanban
Nice to have
- Familiarity with the Sigma project for security detection rule authoring.
- Advanced Splunk experience (or other SIEM equivalent)
- Infrastructure as code experience
- Knowledge of public cloud resources and control-plane threats and vulnerabilities, and how they map to the MITRE ATT&CK framework
- Platform knowledge around AWS, GCP and Azure, specifically around security configuration and monitoring.
- Experience with Threat Intel ingestion and generation
- Splunk ES certification, GIAC GMON, GCDA, GCTI, GCFE or other relevant certifications or projects experience
- Experience with BAS tools, commercial or open source.