Vacancy expired!
- Minimum 4 years of experience developing security rules, detections and policies within Log Management platforms, NextGen SIEM's (including UEBA) platforms
- Proficient in Python, and/or GoLang
- Experience building security driven content on key infrastructures such as log management platforms (Elastic, or Splunk or similar platforms), NextGen SIEM's and UEBA platforms (Exabeam, Securonix)
- Experience using NextGen SIEM's such as Splunk, Elastic to create rules and alerts
- Thorough knowledge of the MITRE ATT&CK framework, and working knowledge mapping security rules and policies for detection to the MITRE ATT&CK framework
- Experience building correlation rules and alerts on log management platforms
- Experience building policies and rules on email and network platforms
- Proficient in git version control and git lifecycle development
- Excellent verbal and written communication skills
- Bachelor's degree
- Basic understanding of Agile development model
- Basic understanding of malware analysis and building rules for to identify malware families and threat actor TTPs that can be applied to platforms where applicable
- Comprehensive understanding of building rules and alerts on multiple security-driven platforms, and understanding the end-to-end lifecycle of created rules and their corresponding alerts
- Experience in technologies and platforms such as: Splunk, Elastic, Humio, Securonix, Google Cloud
- Develop correlation searches, dashboards, reports and alerts within the SIEM.
- Develop User Entity Behavioral Analytic (UEBA) policies and rules within the NextGen SIEM platform and tune alerts for accuracy.
- Map use cases and subsequent rules and policies to the MITRE ATT&CK framework.
- Integrate innovative and custom technology to improve accuracy of alerts and notifications received by teams within Threat Management.
- Create well documented and clearly articulated code, process and services documentation.
- Understand REST and GraphQL API usage and implement solutions utilizing APIs from NYC3 utilized solutions that enhance detection and response capabilities.
- Collaborate with CTA, SOC, CERT and CTI teams to build robust, high fidelity detections and automated alerting workflows.
- Demonstrate a deep understanding of the SIEM and SOAR tools used to detect and respond to security threats along with other security products and data that will be used for the goal of threat detection.
- Proactively build new threat detection content in alignment with cyber threat intelligence and in accordance with the cyber operations security strategy.
- Establish, update, and maintain the content and development for the SIEM and SOAR platforms in order to achieve the goals of the cyber security operations program.
- Support key Threat Management teams (Counter Threat Automation, Security Operations Center, Computer Emergency Response Team, Counter Threat Intelligence) by proactively deploying security-driven content.
- Specifically, improve the quality of alerts and detection through fine-tuning of policies/rule-setting using log management and security incident platforms
- Collaborate with TM teams during investigations, and develop a comprehensive threat detection library
Vacancy expired!