Overview:
Our client is seeking a skilled and proactive SIEM Detection Engineer to join their cybersecurity team. This role is critical in the engineering, development, and continuous improvement of threat detection use cases within their SIEM platform. The ideal candidate will be responsible for creating and tuning custom detection rules, mapping existing capabilities to the MITRE ATT&CK framework, and collaborating with the SOC to improve overall detection and prevention measures.
Key Responsibilities:
- Design, test, and refine new detection use cases within the SIEM platform.
- Enhance and optimize existing detection use cases using Machine Learning and User & Entity Behavior Analytics (UEBA).
- Map detection use cases to the MITRE ATT&CK framework to evaluate and ensure comprehensive monitoring coverage.
- Maintain and update threat detection playbooks, processes, and documentation.
- Collaborate with the SOC team to continuously improve detection and prevention capabilities.
- Identify gaps in SIEM coverage and implement new use cases to address blind spots.
- Work with the log onboarding team and SIEM architect to validate log sources and ensure compliance with CIM standards.
- Partner with Service Operations to improve processes, documentation, and overall service quality.
- Provide governance on topics related to operational stability.
Requirements:
- Minimum of 3 years of experience in SIEM use-case engineering, with 5+ years in cybersecurity.
- Strong experience working in a security operations role.
- Proficiency with Splunk Enterprise Security (ES) and developing/tuning detection use cases (Correlation Searches) based on Data Models.
- Knowledge of Machine Learning and Risk-Based Monitoring in Splunk is a plus.
- Expertise in analyzing and interpreting security logs to identify potential threats and attack patterns.
- Experience with the Common Information Model (CIM) for validating data sources.
- Ability to create and use data models in Splunk for threat detection.
- Deep understanding of cybersecurity concepts and the attack lifecycle.
- Familiarity with the MITRE ATT&CK framework and applying it to threat detection.
- Experience in creating interactive dashboards, alerts, and reports in Splunk.