Security Analytics Content Developer - Baltimore, MD (Hybrid - at least 3 days onsite) at Baltimore, Maryland, USA
From: Mohammed Shaik, www.abidisolutions.com
Reply to: [email protected]
Note: we are looking for local consultants only.

Job Title: Security Analytics Content Developer
Location: Baltimore, MD (Hybrid - at least 3 days onsite)
Duration: Contract

Responsibilities
- Research and develop new threat detection use cases based on intelligence and research into emerging threats.
- Manage and develop security analytics and correlation rules.
- Work alongside incident response analysts to improve detection time and response for security incidents.
- Design dashboards to capture metrics from the SOC.
- Generate appropriate alerting within the SIEM to trigger investigations.
- Collaborate with the platform team on the normalization of incoming log sources and events.
- Participate in Incident Response activities.
- Research and implement new analytics and playbooks that can be used within the SOC/IR teams.
- Develop playbooks and automation in SOAR to accelerate IR activities (desirable).
- Security automation, log analysis, continuous monitoring and managing a SIEM.
- Deploy automation throughout the security response organization to improve overall operational effectiveness.
- Work alongside our SOC, IR and threat hunting analysts to design response actions for newly created detection rules.

Required Skills
- Passionate interest in cyber security.
- Bachelor's Degree in Computer Science, Engineering, or a related discipline; or an equivalent combination of work experience and certifications.
- Solid experience with Splunk Search Processing Language (SPL).
- Familiarity with standard security frameworks, including MITRE ATT&CK and the Cyber Kill Chain.
- Strong interpersonal skills, both written and oral, and the ability to communicate complex ideas to all levels of the business.
- Experience working within a Security Operation Centre (SOC).
- Experience in SIEM content development and tuning alerts.
- Working knowledge of Linux administration.
- Good understanding of network and security log sources, and log normalization.
- Supporting incident response with analysis of data.

Preferred Skills
- Experience with Splunk Enterprise and ES, or another SIEM platform.
- Hands-on experience with multiple programming/scripting languages, including Python and Bash.
- Previous experience with resilient streaming technologies such as Apache Kafka and Apache NiFi.
- Experience with multiple cloud technologies and security appliances.
- Good understanding of Splunk.
- Awareness of networking protocols and technologies.
- Good understanding of HTTP, REST APIs, JSON and the syslog data format.
- Security tool FAQ and support documentation.
- Hands-on experience with SOAR.
- Experience creating playbooks to respond to security incidents.

Keywords: Maryland
Posted: Thu Nov 16 03:27:00 UTC 2023