MDR Security Expert

As part of Managed Security Services Business Line, youll be able to get involved in deliverable based role and contribute to the success of the business.

Job summary

Looking for a technically sound subject matter expert (SME) to lead the design, development, testing and delivery of use-cases for the detection and response to cyber threats in complex IT and Telecom environments. To be successful the candidate should have a strong understanding in information security, threat modelling, threat detection, automated response, and the corresponding commercial and open-source solutions and products (e.g., EDR, SIEM, SOAR, etc.).

Deliverable and activities the SME will be assisting both directly or in support to the business line:

• Design, development, testing (in lab environment) and delivery of end-to-end cyber security use-cases to enhance the detection and response capabilities of security operations center (SOC) with multivendor SIEM, SOAR etc.
• Build a library of risk driven cyber-attack scenarios, covering the entire kill chain (i.e., reconnaissance, weaponization, delivery, etc.), with clear identification of threats, vulnerabilities, business impact, likelihood, approach, use-cases, scenarios, rules, remediation workflows or cyber playbooks.
• Support as SME for the cyber manage, detection and response, for one or multiple of the following domains: IT, Telecom Core Network and Telecom Radio Access Network (RAN).
• Deep experience and knowledge of emerging 3GPP security requirements (e.g., 4G, 5G, etc.), ITU-T x.805, ISO27001, NIST, MITRE ATT&CK framework, and related standards (optional but have willingness to learn).
• Support in integrating existing commercial and open-source threat detection and response solutions (e.g., EDR, SIEM, SOAR, etc.).
• Create technical documentations, presentations and deliver competence development materials and trainings to relevant key stakeholders.

Technical Competencies:

• Masters or bachelors degree in computer science or related field such as cyber security or computer forensic Or 7+ years of relevant experience.
• Minimum of 5 or more years of relevant experience in field of cybersecurity domain in manage, detection and response (MDR)
• Understanding and working knowledge of SOC technologies such as SIEM, SOAR, EDR, etc.
• Experience with SIEM tools, in terms of scripting, tuning and optimization of threat detection rule sets.
• Experience with SOAR tools, in terms of scripting, tuning and optimization of threat response playbooks and workflows.
• Knowledge on MITRE ATT&CK framework, TTPs used in various types of attacks. (Preferable)

Soft Skills:

• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
• High degree of initiative, dependability, and ability to work with little supervision while being resilient to change.
• Excellent written and verbal communication skills, interpersonal and collaborative skills.
• Must be a critical thinker, with strong problem-solving skills.

Nice to Have:

• Knowledge on Telecom communications technologies (Core and/or RAN), security protocols, 3GPP security requirements, ITU-T x.805, ISO27001, NIST, and related standards.
• Professional security management certifications are highly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and any SIEM related certification (e.g., Splunk or Q-Radar or Logrhythm or leading SIEM(s)) certification.