Role title: SIEM Content Development Specialist
Location: Newbury
What you’ll do
1. Content Development – take part in and drive the continual creation and refinement of rules and detection logic within the Vodafone SIEM/EDR/ELK infrastructure to improve the efficiency and effectiveness of Cyber Security Operations. Responsibilities include:
o Develop SIEM/EDR/ELK content that addresses current attack vectors, following industry best practice
o Analyse threats, adversaries and attack tooling to build indicator-based and behaviour-based detections that alert on and/or prevent malicious activity
o Evaluate and combine multiple data sources to build content across multiple SIEM/EDR/ELK platforms
o Use SIEM/EDR/ELK to support metrics collection, analysis and reporting
o Create and maintain documentation for each analytic (purpose, data sources, logic, tuning and known false positives)
o Collaborate effectively with colleagues and counterparts, both internal and external
2. Security Analysis – take part in, and where required lead, security event analysis to address current cyber threats
3. Threat Response – engage in, and where required lead, blue-team analysis to identify possible threat-group activity
4. Security Reporting and Advisories – take part in, and where required lead, the delivery of cyber security reports and advisories to all key stakeholders
5. Residual Risk Assessment – take part in, and where required lead, post-incident analysis and reporting of operational and technical lessons learnt
Who you are
• 1-3 years' experience in a SIEM content (rule logic and code) development role
• Minimum of 1 year of SOC analyst experience (Level 2 or above) required
• 5 years' IT experience
• In-depth, hands-on experience in security event analysis, creating and refining SIEM/EDR rules, and improving efficiency within the SIEM and the other technologies used by the team
• Deep knowledge of IPv4/IPv6 and TCP/IP networking protocols
• Deep knowledge of Windows and Linux operating systems
• Good working knowledge of security technologies such as SIEM (ArcSight, Sentinel, QRadar, LogRhythm, Splunk), EDR (Microsoft Defender, FireEye, Tanium), IDS/IPS, firewalls, proxies, web application firewalls, anti-virus, etc.
• Understanding of Windows Security Event logs and syslog
• Strong familiarity with endpoint and perimeter attack vectors and their detection (blue/purple teaming)
• Familiarity with standard security frameworks such as MITRE ATT&CK, the Cyber Kill Chain and APT campaign strategies
• Good knowledge of cloud platforms such as Azure, Microsoft 365 (O365), Google Cloud, AWS and Oracle Cloud
• Good working knowledge of regular expression development
• Scripting and programming experience is highly desirable
• Kusto (KQL) or SQL knowledge, including rule and query optimisation
• Proven ability to prioritise workload, meet deadlines and utilise time effectively
• Good interpersonal and communication skills, works effectively as a team player and the ability to communicate technical information to a non-technical audience
Must have technical / professional qualifications:
• Bachelor’s degree or higher in Cyber Security/Information Technology or related field
• One or more cyber security certifications such as GCIA, GCIH, GCFA, GNFA, CEH, ECSA preferred
#LI-Hybrid