Vacancy expired!
Threat Detection Engineer6 MonthsREMOTE Primary Responsibilities
- Capture use cases from subscribers or other team members and develop correlation rules Utilize knowledge of latest threats and attack vectors to develop Splunk correlation rules for continuous monitoring
- Develop, manage, and maintain Splunk data models
- Review logs to determine if relevant data is present to accelerate against data models to work with existing use cases
- Develop custom regex to create custom knowledge objects
- Developing custom SPL using macros, lookups, etc., and network security signatures such as
- SNORT and YARA
- Develop custom dashboards and reports for customer stakeholders
- Train and mentor junior staff
- Bachelor s Degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field PLUS at least eight (8) years of experience in incident detection and response, malware analysis, or cyber forensics
- Extensive experience working with various security methodologies and processes
- Advanced knowledge of TCP/IP protocols, experience configuring and implementing various technical security solutions, extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices
- Expert knowledge in two or more of the following areas related to cybersecurity: Vulnerability Assessment, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Web-filtering, Advanced Threat Protection
- Experience developing advanced correlation rules utilizing tstats and data models for cyber threat detection
- Experienced with creating and maintaining Splunk knowledge objects
- Experienced managing and maintaining Splunk data models
- Experience creating regex for pattern matching
- Experience implementing security methodologies and SOC processes
- Preferred Qualifications
- Experience with cloud (e.g. o365, Azure, AWS, etc) security monitoring and familiar with cloud threat landscape
- Completed Splunk Advance Searching and Reporting training
- Experience developing custom scripts using python
Vacancy expired!