Please respond to the job if you are an Australian Citizen and residing in Australia.
Key Responsibilities:
- Create threat models and perform threat hunts to inform the detection engineering strategy
- Develop use cases based on threat models, system risks, vulnerabilities, intelligence, incident reports and industry frameworks
- Develop the detection rule syntax associated with use cases within the SIEM and EDR technologies
- Develop playbooks for alert validation by understanding the context in which the detection rule is designed
- Collaborate with Cyber Defence Analysts for detection rule tuning
- Maintain the Threat Intelligence integrations across the SOC technology stack
- Assist in the identification of content shortfalls across the detection engineering practice
- Assist with incident response at the direction of the incident manager
- Conduct in-depth research and analysis for new detection content
- Assist in the onboarding of new data sources to meet requirements of use cases
- Provide evaluation and feedback necessary for improving intelligence production and reporting
- Provide support to designated exercises, planning activities, and time sensitive operations
Essential Criteria:
- Demonstrable experience in content development with at least 2 SIEM technologies (Splunk, Elastic, QRadar, MS Sentinel)
- Experience in a detection engineering practice
- An understanding of the Sigma detection rule syntax
- Experience with SOAR technologies and playbook development
- Experience with EDR technologies (Carbon Black, CrowdStrike, Defender ATP)
- A thorough understanding of the cyber Threat Intelligence lifecycle
- Knowledge of scripting languages (Bash, Python)
- Strong organisational and teamwork skills
- Professional certifications, such as GIAC
- Minimum 5 years of cyber security operations experience