Job Details

ID #17319330
State New Jersey
City Trenton
Job type Permanent
Salary USD TBD TBD
Source Fiserv
Showed 2021-07-26
Date 2021-07-25
Deadline 2021-09-23
Category Security

Cyber Security Content Developer

New Jersey, Trenton, 08628 Trenton USA

Vacancy expired!

What does a great Cyber Security Operations Detection and Response Engineer do?

You are a strong cyber security detection and response content engineer, responsible for building cyber security threat detection and response processes, in accordance with strategic direction of the Fiserv cyber security operations program.

You are current with the latest cyber security threats and trends, detection and response techniques, and have advanced knowledge of Security Incident and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) tools.

You will work on a team responsible for the development of detection rules, reference sets, building blocks, playbooks, integrations and other cyber related development work.

You possess the ability to create, maintain, and bring order to the complexities of relevant SIEM and SOAR content.

You will act as a security operations detection and response liaison between multiple different cyber security groups and ensure that all tools are working together to ensure the highest level of cross-functionality between groups.

You're the kind of person who can:

  • Establish, update, and maintain the content and development for the SIEM and SOAR platforms in order to achieve the goals of the cyber security operations program.
  • Build strong relationships between various cyber security groups, technology teams, and business units to ensure that all cyber security tools and data sets are working together to ensure the highest level of cross-functionality and threat detection.
  • Demonstrate a deep understanding of the SIEM and SOAR tools used to detect and respond to security threats along with other security products and data that will be used for the goal of threat detection.
  • Proactively build new threat detection content in alignment with cyber threat intelligence and in accordance with the cyber operations security strategy.
  • Build a streamlined threat detection content creation workflow that the cyber security groups can contribute to.
  • Lead by example amongst other members of the cyber security operations program.
  • Develop and lead internal education sessions on the SIEM and SOAR tools for the cyber security operations organization.

Basic Qualifications for Consideration:
  • Bachelor's degree or equivalent program in technology fields, Information Security or Information Technology (or equivalent work experience).
  • 5 years' experience working in cyber security, cyber security operations, cyber threat intelligence and/or other IT related fields tied to enterprise information system environments.
  • Experience building rules, offenses, dashboards, reports, apps, playbooks, integrations and other content in the QRadar SIEM and Resilient SOAR platforms.
  • Experience configuring SOAR tools, scripts, events, and playbooks.
  • Create and maintain custom content and playbooks.
  • Experience with enterprise security technologies, EDR, IDS/IPS, vulnerability scanners, configuration management, and their applicability in SIEM SOC processes.
  • Experience coding and scripting in languages such as Perl, Python, Bash, JavaScript, and more is desirable.
  • Experience working with APIs to perform basic automation and integration tasks.
  • Understanding of current information security challenges and solutions.
  • Ability to prioritize and re-prioritize tasks in a rapidly changing environment.
  • Ability to coordinate collaborative work efforts between and among peers and peer groups.
  • Strong analytical, problem solving and documentation skills.
  • Excellent organizational and process building skills.

Preferred Skills, Experience, and Education:
  • Industry standard certifications such as CISSP and GCIH are desirable.
  • Experience with Splunk, QRadar, and Resilient SOAR is desirable.

Travel required: 20%

Fiserv is an Equal Opportunity Employer/Disability/Vet.
