Responsibilities:
- Develop, enhance, and maintain threat detection use cases in Splunk Enterprise Security (ES) and custom detection rules in CrowdStrike EDR.
- Map detection coverage to the MITRE ATT&CK framework so that coverage and gaps are transparent and detections are measurably effective.
- Collaborate with the SOC to continuously improve and challenge existing detection mechanisms.
- Proactively create and fine-tune detection use cases using advanced analytics and machine learning.
- Validate new log sources and data models to ensure compliance and optimize search performance.
- Drive operational stability and quality improvements through effective collaboration with the Service Operations team.
Technical Skills:
- Proficient in Splunk Enterprise Security (ES) and in developing detection use cases.
- Experience with Machine Learning and Risk-Based Alerting in Splunk is advantageous.
- Strong analytical skills to interpret security logs and identify potential threats.
- Familiarity with the Splunk Common Information Model (CIM) and with using data models in Splunk.
- Deep understanding of cybersecurity concepts and attack lifecycle phases.
- Knowledge of the MITRE ATT&CK framework and a range of detection techniques.
- Ability to create interactive dashboards, alerts, and reports in Splunk.
Experience:
- Minimum of 3 years of demonstrated experience in SIEM use-case engineering.
- More than 5 years of experience in cybersecurity.