AddressPlease respond to the job if you are an Australian Citizen and residing in Australia.
Key Responsibilities:
- Create threat models and preform threat hunts to inform the detection engineering strategy
- Develop use cases based off threat models, system risks, vulnerabilities, intelligence, incident reports and industry frameworks
- Develop the detection rule syntax associated with use cases within the SIEM and EDR technologies
- Develop playbooks for alert validation by understanding the context in which the detection rule is designed
- Collaborate with Cyber Defence Analysts for detection rule tuning
- Maintain the Threat Intelligence integrations across the SOC technology stack
- Assist in the identification of content shortfalls across the detection engineering practice
- Assist with incident response at that direction of the incident manager
- Conduct in-depth research and analysis for new detection content
- Assist in the onboarding of new data sources to meet requirements of use cases
- Provide evaluation and feedback necessary for improving intelligence production and reporting
- Provide support to designated exercises, planning activities, and time sensitive operations
Every application requires to address selection criteria as part of application submission
Essential Criteria
Demonstratable experience in content development with at least 2 SIEM technologies (Splunk, Elastic, Q-Radar, MS Sentinel)
Experience in a detection engineering practice
An understanding of the sigma detection rule syntax
Experience with SOAR technologies and playbook development
Experience with EDR technologies (Carbon Black, CrowdStrike, Defender ATP)
A thorough understanding of the cyber Threat Intelligence lifecycle
Knowledge of scripting languages (Bash, Python)
Strong organisational and teamwork skills.
Professional Certifications, such as GIAC
Minimum 5 years of cyber security operations experience
