Position: Content Development Lead
Duration: Contract/Full Time
Location: Atlanta, USA

Job Description:
We are looking for a content development engineer or L3-level SOC SIEM engineer with hands-on experience in developing new rules, use cases and content based on various log sources, including cloud security log sources. This role involves creating new rules in Google Chronicle and creating playbooks in Palo Alto's XSOAR platform to automate the process.

Mandatory Skills:
- Minimum 7+ years of experience in content engineering and development
- Experienced in writing SIEM correlation, grouping and logical rules
- Experienced in writing YARA rules
- Integration of new log sources/assets with SIEM
- Use case configuration and development in SIEM tools
- Integration of incremental threat intelligence feeds
- Creation/fine-tuning of use cases and correlation rules
- ELK Stack and DSIEM correlation rule development
- Chronicle Backstory rule creation/development
- Testing of newly built use cases and rules
- Deployment of tested rules and use cases
- Integration of endpoints with the SOAR solution
- Creation/enhancement of SOAR playbooks as needed
- Creation and updates of Incident Response Guides
- Palo Alto SOAR playbook design and implementation
- SIGMA rule customization
- Good knowledge of the MITRE ATT&CK Framework
- Creating and implementing new threat detection content, rules and use cases to deploy in the SIEM platform with different data sets such as Proxy, VPN, Firewall, DLP, etc.
- Creating automation playbooks in the orchestration platform Demisto (Cortex XSOAR)
- Assisting with process development and process improvement for Security Operations, including creation/modification of SOPs, playbooks and work instructions
- Developing custom content based on threat intelligence and threat hunting results
- Identifying gaps in the existing security controls and developing/proposing new security controls

Job Requirements:
- 7+ years of experience working in the field of content development, and experience delivering and/or building content on any of the SIEM tools such as Splunk/ArcSight/QRadar, etc.
- Deep understanding of the MITRE ATT&CK Framework
- Experience in SOC incident analysis with exposure to information security technologies such as firewalls, VPNs, intrusion detection tools, malware tools, authentication tools, endpoint technologies, EDR and cloud security tools
- Good understanding of networking concepts
- Experience interpreting, searching and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow and automation)
- In-depth knowledge of security data logs and the ability to create new content on advanced security threats on an as-needed basis, as informed by threat intelligence
- Ability to identify gaps in the existing security controls
- Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deploying content
- Experience with EDR tools such as CrowdStrike and a good understanding of TTPs such as process injection
- Excellent communication, listening and facilitation skills
- Ability to demonstrate an investigative mindset
- Excellent problem-solving skills
- Understanding of the MITRE ATT&CK framework
- Experience in Cortex XSOAR (Demisto) playbook creation
- Demonstrable experience in use case/rule creation on any SIEM platform
- Chronicle Backstory/ELK Stack/YARA/CrowdStrike rules experience is a plus