
Use case factory- Azure Sentinel

4 - 6 years

1 - 6 Lacs

Posted: 1 week ago | Platform: Naukri


Work Mode

Hybrid

Job Type

Full Time

Job Description

Role & responsibilities

• Strong background developing Azure Sentinel/DEVO analytics rules, incidents, playbooks, notebooks, workbooks, and threat hunting within the Azure Cloud.
• Strong and demonstrated background working with Log Analytics Workspaces, Kusto Query Language (KQL), Language Integrated Query, and dashboard/workbook development.
• Strong understanding of Azure PaaS services.
• Solid experience with Logic Apps in Azure.
• Experience in creating resource groups and Log Analytics workspaces for Azure Sentinel & DEVO integration with data sources.
• Develop SIEM and SOAR use cases and log data collection utilizing the Azure Sentinel, DEVO and Azure Log Analytics toolsets.
• Highly proficient with Azure Sentinel, DEVO and Azure Log Analytics.
• Develop analytics rules, incidents, playbooks, notebooks, workbooks, threat hunting and KQL queries for data normalization and parsing capabilities within Log Analytics' data ingestion pipeline.
• Develop incident response capabilities using Logic Apps in Azure.
• Integrate and automate developed use cases into Azure DevOps CI/CD pipelines.
• Develop Jupyter notebooks in Python and integrate them with Azure Sentinel.
• Understanding of Azure Lighthouse, Azure AD, B2B, and common cloud authentication patterns.
• Ability to configure, automate, harden, and deploy Azure Sentinel services.
• Skills in use case development for DEVO, Sentinel and Splunk.
• Hands-on experience with Sentinel/Splunk SIEM use case creation and tuning.
• Strong understanding of cloud security and networking concepts and practices.
• Work with the Tactical Use Case Development team to assist in processing the more intricate use case development tickets from our customer request queue.
• Excellent knowledge of MITRE tactics and techniques.
• Work closely with our Threat Intel team to identify security alerting gaps that we can fill with our detection services.
• Back up the Operation Use Case Development team on SIEM onboarding tasks and Security Analyst collaboration.
• Experience with multiple attack vectors such as malware, Trojans, exploit kits, ransomware and phishing techniques.
• Provide superior technical security expertise to ensure that the Security Operations Centre (SOC) is always delivering a professional service to its customers.
• Conduct detailed analytical queries and investigations, identify areas that require specific attention, identify indicators of compromise (IOC) or events of interest (EOI) that need further investigation, and develop use cases and rules to be built into the SIEM platform.
• Develop and improve Security Information and Event Management (SIEM) content and all relevant technologies used in the team, continually refining and creating the rules and logic (use cases) to make the detection capabilities more efficient and effective.
• Create and enhance internal processes and procedures.
• Professional communications and reporting to SOC stakeholders and customers.
• Act as a mentor and team lead to all First Level Security Analysts; support and supervise them, and ensure knowledge transfer within the team.
• Deliver qualified information about actual threats and indications, with recommendations on how the associated risk can be mitigated.
• Contribute to the overall performance and success of the Security Operations Centre.
• Build on and continuously improve the SOC analytics framework.
• Ensure effective operation of SIEM content: filters, rules, expressions and other identification mechanisms of the threat and vulnerability management technologies used within the SOC.
• Mentor and guide the First Level Security Analysts.
• Provide professional data analysis within the SOC processes and to SOC customers in order to drive further security measures and risk mitigation activities.
• Responsible for execution and maintenance of SOC-related analytical processes and tasks.
• Detailed technical security reporting to management, operating companies and appropriate stakeholders.
• Work closely with other Information Security teams to ensure effective intrusion detection and incident response.
• Continually maintain and improve technical capabilities through individual development activities, accreditations and certifications to remain constantly prepared to challenge the ever-evolving cyber threat.
• Deep information security expertise.
• Knowledge of network concepts and Windows and Unix administration.
• Knowledge of typical security devices such as firewalls, intrusion detection systems, AV and endpoint security, web application firewalls, anti-spam systems, event correlation systems, etc.
• Understanding of security threats and attack scenarios; analysis and intrusion detection skills.
• Analytical and communication skills:
  a. Excellent analytical skills and out-of-the-box thinking
  b. Excellent communication capabilities
  c. Team player
  d. Fluent in English
• Quick learner and intuitive thinker: the more you learn, the faster you'll grow.
• Effective time and task management skills.
• Confidence in independently delivering technical solutions.
• Good problem-solving skills; ability to visualize a problem/situation and think abstractly to solve it.


Capgemini

IT Services and IT Consulting

Paris France

10001 Employees

5131 Jobs

Key People

• Aiman Ezzat, Chief Executive Officer
• Carole Ferrand, Group Chief Financial Officer
