Experience in configuring, managing, and using one or more SIEM/SOAR/UEBA products, highly desired.
SOC consulting experience, highly desired.
Good knowledge of Python, regular expressions, and SQL queries.
Good understanding of security infrastructure and related technologies (AD, proxies, firewalls, email filtering technologies, and network intrusion detection systems) .
Excellent log analysis skills with an ability to apply them appropriately for alerting and reporting.
Experience in cyber security intrusion detection/analysis/response and creating new rules and filters to support these actions.
Experience in creating log correlations in a SIEM to identify anomalous, potentially malicious behavior.
Understanding of MITRE ATT&CK and Kill chain.
Experience working with REST and other third-party API integrations.
Responsibilities
Building defensive, highly-customized security playbooks using LogPoint SOAR platform.
Research, analyze, and create contents based on wide variety of commodity and APT based malware and techniques.
Interpret Threat intelligence’s IOCs and use them efficiently for alerting. Recognize patterns and inconsistencies that could indicate complex cyber-attacks.
Build and maintain dashboards and other data visualizations of complex data sets and calculations.
Translate analytical findings into security “use cases” that can be implemented within available surveillance capabilities.
Write queries, perform data analysis/log correlation, and create data visualizations for different security devices.
Create technical documentation around the content deployed to the SIEM.
Write, review and organize technical content that will be published to the LogPoint blog, FAQs and Knowledge base for use by both internal and external customers.
