SAP Cyber Detection Engineer 

Bulgaria, Burgas 

843342338

The ideal candidate would have SOC L2/L3 background and the ability to contribute to the triage of the detection backlog.

The candidate should have a good understanding of entities and data models associated with various log types, a bonus for cloud workloads specific logs.

What you'll do

• Bring your experience or research a certain/new log source/sourcetypes.
• Understand how to document and differentiate a baseline (normal behavior) vs abnormal/low prevalence/outliers.
• Identify what information is needed given a log type and TTP. (what fields are relevant, what entities are involved, when and what enrichment is possible)
• Use your coding, data analytics and investigation skills to write new detection rules, tune existing correlation rules and build response capabilities mapped to MITRE ATT&CK and RE&CT
• Build automation and detection models to support identification of anomalous activity and response activities to mitigate threats at scale.
• Identify and consult on thedesignof countermeasures to mitigate threats in our environmen – be able to understand the audit policies and logging level (verbosity) and format of various security tools and select the settings tha enable just-enough-logging for the detection use-cases
• Coordinating with Security SMEs to build hunting rules and triggers, which focus on adversary activity within the cloud control plane and Linux servers
• Detection Rule testing and tuning to identify and reduce False-Positive & False-Negative
• Ensure that all documents, workflows and processes remain accurate and up-to-date

What you'll bring

• Ideally SOC experience in a datacenter environment (MSP)
• A good understanding of network security (cloud is a bonus)
• Experience working with endpoint telemetry/EDR security products preferred
• Technical proficiency on Linux
• Experience building dashboards and processes around use-case testing , versioning
• Security tool integration experience, familiarity with common information and log formats
• 5+ years of experience in Security including but not limited to: Threat Intel, Threat Detection, Cloud Security and or SOC experience
• Programming / scripting knowledge for automating day to day tasks – Splunk, Python, SQL, Powershell , bash
• Research mindset, with a hold on where to look for relevant information pertaining to cloud threats, vulnerabilities and key adversary’s modes of interest.
• An understanding of CI/CD, versioning tools, Jira/Kanban

Nice to have

• Familiarity with the Sigma project for security detection rule authoring.
• Advanced Splunk experience (or other SIEM equivalent)
• Infrastructure as code experience
• Knowledge of public cloud resources and control plane threats and vulnerabilities, and how it applies to MITRE ATTACK Framework.
• Platform knowledge around AWS, GCP and Azure, specifically around security configuration and monitoring.
• Experience with Threat Intel ingestion and generation
• Splunk ES certification, GIAC GMON, GCDA, GCTI, GCFE or other relevant certifications or projects experience
• Experience with BAS tools, commercial or open source.

Job Segment:ERP, Open Source, Cloud, Testing, Network Security, Technology, Security