Title:  Engineer

Job ID:  20882
Location: ST Engineering Jurong East Bui, SG

Description: 

Scope

  • Perform log parsing and event mapping, and create custom parsers, so that logs are recognised by the Security Information and Event Management (SIEM) platform.
  • Perform analysis of network traffic and create correlation rules in the SIEM.
  • Continuously monitor and analyse the performance of existing use cases and fine-tune detection rules to reduce false positives.
  • Configure detection rules and monitoring use cases for the customer and obtain customer sign-off.
  • Create comprehensive documentation for all developed use cases, ensuring clear guidelines for use and maintenance.
  • Collaborate with Security Analysts on the investigation of detected threats and anomalies.
  • Collaborate with the Security Orchestration, Automation and Response (SOAR) team to escalate alerts to customers for further investigation.
  • Collaborate with the Threat Intelligence and Digital Forensics teams to translate threat bulletins and forensic findings into actionable detection use cases.
  • Coordinate with the Deployment team and customers to deploy collectors and agents in on-premises and cloud networks for data collection and forwarding.
  • Collaborate with Deployment teams to onboard customer log sources into our SIEM system to support detection use cases.
  • Collaborate with Customer Success Managers and Security Leads to develop reports and visualisations for customers.


Requirements

  • Technical expertise in configuring a variety of log-sending devices, custom parsers and SIEM tools.
  • Technical expertise with log collectors and the ability to troubleshoot log ingestion issues across a variety of log-sending devices.
  • Hands-on experience with popular SIEM platforms such as Splunk, QRadar, MS Sentinel, Chronicle, Elastic and Stellar.
  • Familiarity with cloud infrastructure and cloud-based SIEM, including ingesting log data from cloud storage into the SIEM. (A candidate with a related cloud certification, e.g. AWS Certified SysOps Administrator – Associate, has an added advantage.)
  • Familiarity with the MITRE framework.
  • Familiarity with Sigma rules.
  • Excellent troubleshooting and analytical skills.
  • Attention to detail and the ability to communicate well in a professional manner.
  • Previous experience with provisioning and integrating environments.
  • 2+ years of network security experience working with enterprise clients preferred.
  • Ability to interpret the complexity of technical problems.
  • Reliability in maintaining focus on contracted deliverables.
  • Excellent interpersonal, coordination and problem-solving skills.
  • High level of initiative, accountability, professional diligence, attention to detail and ability to follow process.
  • Ability to work independently, as well as to work as part of a team in a pressured environment.
  • Proactive, flexible attitude, with an open mind to being exposed to different job scopes in varying degrees, and a willingness to constantly review and improve skills and processes.
  • Candidates with certifications (CISSP, GCIH, OSCP) would be preferred.