17 May
SIEM Engineer - Content Development- Lead
Atlanta, Georgia 30301, USA

Vacancy expired!

Position: Content Development- Lead

Duration: Contract/Full Time

Location: Atlanta, USA

Job Description: We are looking for a content development engineer or L3-level SOC SIEM engineer with hands-on experience in developing new rules, use cases and content based on various log sources, including Cloud Security log sources. This role involves creating new rules in Google Chronicle and creating playbooks in Palo Alto's XSOAR platform to automate the process.

Mandatory Skills:
- Minimum 7+ years of experience in Content Engineering and Development
- Experienced in writing SIEM correlation, grouping & logical rules
- Experienced in writing YARA rules
- Integration of new log sources/assets with SIEM
- Use case configuration & development in SIEM tools
- Integration of incremental threat intelligence feeds
- Creation/fine-tuning of use cases and correlation rules
- ELK Stack and DSIEM correlation rules development
- Chronicle Backstory rules creation/development
- Testing of newly built use cases and rules
- Deployment of tested rules and use cases
- Integration of endpoints with SOAR solution
- Creation/enhancement of SOAR playbooks as needed
- Creation of and updates to Incident Response Guides
- Palo Alto SOAR playbook design and implementation
- SIGMA rule customization
- Good knowledge of the MITRE ATT&CK Framework
- Creating and implementing new threat detection content, rules and use cases to deploy in the SIEM platform with different data sets such as Proxy, VPN, Firewall, DLP, etc.
- Creating automation playbooks in the orchestration platform Demisto (Cortex XSOAR)
- Assisting with process development and process improvement for Security Operations, including creation/modification of SOPs, playbooks, and work instructions
- Developing custom content based on threat intelligence and threat hunting results
- Identifying gaps in the existing security controls and developing/proposing new security controls

Job Requirements:
- 7+ years of experience working in the field of content development, and experience in delivering and/or building content on any of the SIEM tools such as Splunk/ArcSight/QRadar, etc.
- Deep understanding of the MITRE ATT&CK Framework
- Experience in SOC incident analysis with exposure to information security technologies such as Firewall, VPN, intrusion detection tools, malware tools, authentication tools, endpoint technologies, EDR and cloud security tools
- Good understanding of networking concepts
- Experience interpreting, searching, and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation)
- In-depth knowledge of security data logs and an ability to create new content on advanced security threats on a need basis as per Threat Intelligence
- Ability to identify gaps in the existing security controls
- Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content
- Experience with EDR tools such as CrowdStrike and a good understanding of TTPs such as Process Injection
- Excellent communication, listening & facilitation skills
- Ability to demonstrate an investigative mindset
- Excellent problem-solving skills
- Understanding of the MITRE ATT&CK framework
- Experience in Cortex XSOAR (Demisto) playbook creation
- Demonstrable experience in use case/rule creation on any SIEM platform
- Chronicle Backstory/ELK Stack/YARA/CrowdStrike rules experience is a plus
