SIEM Engineer - Content Development- Lead

18 May 2021
Atlanta, Georgia 30301, USA

Position: Content Development- Lead

Duration: Contract/Full Time

Location: Atlanta, USA

Job Description:
We are looking for a content development engineer or L3-level SOC SIEM engineer with hands-on experience in developing new rules, use cases and content based on various log sources, including cloud security log sources. This role involves creating new rules in Google Chronicle and building playbooks in Palo Alto's Cortex XSOAR platform to automate the response process.
Mandatory Skills:
  • Minimum 7+ years of experience in content engineering and development
  • Experienced in writing SIEM correlation, grouping and logical rules
  • Experienced in writing YARA rules
  • Integration of new log sources/assets with the SIEM
  • Use case configuration and development in SIEM tools
  • Integration of incremental threat intelligence feeds
  • Creation/fine-tuning of use cases and correlation rules
  • ELK Stack and DSIEM correlation rule development
  • Chronicle Backstory rule creation/development
  • Testing of newly built use cases and rules
  • Deployment of tested rules and use cases
  • Integration of endpoints with the SOAR solution
  • Creation/enhancement of SOAR playbooks as needed
  • Creation of and updates to incident response guides
  • Design and implementation of Palo Alto SOAR playbooks
  • SIGMA rule customization
  • Good knowledge of the MITRE ATT&CK framework
  • Creating and implementing new threat detection content, rules and use cases for deployment in the SIEM platform against different data sets such as proxy, VPN, firewall, DLP, etc.
  • Creating automation playbooks in the Demisto (Cortex XSOAR) orchestration platform
  • Assisting with process development and process improvement for Security Operations, including creation/modification of SOPs, playbooks and work instructions
  • Developing custom content based on threat intelligence and threat hunting results
  • Identifying gaps in the existing security controls and developing/proposing new security controls
Job Requirements:
  • 7+ years of experience working in the field of content development, with experience delivering and/or building content on any SIEM tool such as Splunk, ArcSight or QRadar
  • Deep understanding of the MITRE ATT&CK framework
  • Experience in SOC incident analysis with exposure to information security technologies such as firewalls, VPNs, intrusion detection tools, malware tools, authentication tools, endpoint technologies, EDR and cloud security tools
  • Good understanding of networking concepts
  • Experience interpreting, searching and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow and automation)
  • In-depth knowledge of security data logs and the ability to create new content on advanced security threats as needed, driven by threat intelligence
  • Ability to identify gaps in the existing security controls
  • Good experience writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deploying content
  • Experience with EDR tools such as CrowdStrike and a good understanding of TTPs such as process injection
  • Excellent communication, listening and facilitation skills
  • Ability to demonstrate an investigative mindset
  • Excellent problem-solving skills
  • Understanding of the MITRE ATT&CK framework
  • Experience in Cortex XSOAR (Demisto) playbook creation
  • Demonstrable experience in use case/rule creation on any SIEM platform
  • Chronicle Backstory, ELK Stack, YARA or CrowdStrike rules experience is a plus

Job Details

  • Salary
    USD, depends on experience
  • Hiring Company
    Larsen & Toubro Infotech Limited