Responsible for the planning, design and build of SIEM detections; automation and SOC workflow enrichments. Strong understanding of current threat landscape, data ingest and telemetry requirements.
1. Experience with SIEM platforms such as Splunk, Azure Sentinel, Qradar, Exabeam, etc.
2. Python scripting
3. MITRE Caldera and ATT&CK
4. Atomic Red Team
5. SOAR automation and enrichment
6. Strong work ethic and postive can do attitude
7. Bias for action and execution of tasks
8. Willingness to grow skillset
This role requires UK national security clearance.
Career Level -
Responsible for authoring, tuning and deploying SIEM detections, Threat Hunting and automation via pyton scripting and SOAR tools.
May participate in an incident management team, responding to security events in line with Oracle incident response playbooks. Investigates purported intrusions and breaches, and oversees root cause analysis. Coordinates incidents with other business units and may act as incident commander of serious incidents. Participates in developing new methods, playbooks throughout Oracle.
Evaluates existing and proposed technical architectures for security risk, provides technical advice to support the design and development of secure architectures and recommends security controls to mitigate those risks. Evaluations of internal security architecture may include design assessment, risk assessment, and threat modeling.
Brings advanced-level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required, and where computer programming/scripting knowledge is required.
Work with Senior management to develop and implement a multi-year security roadmap
Focus on operational and strategic level tasks, and provide counsel and guidance to the junior level security operations engineers in the department.