Engage in threat hunting within customer environments to detect attackers or remnants of their activity. Develop detection logic customized for the corporate threat landscape using industry-specific intelligence and developed use cases.
Design, develop, and implement effective security use cases and rules within the Security Information and Event Management (SIEM) system. Propel Security Orchestration, Automation, and Response initiatives for Injazat CFC.
Operationalize Indicators of Compromise from intelligence feeds by developing, testing, and deploying monitoring and alerting rules into SIEM. Collaborate closely with Security Engineering to onboard new data sources and work with Cyber Threat Intelligence (CTI) personnel to devise relevant use cases across various client networks.
Coordinate with technical architects to identify and recommend novel internal and external data sources for enhancing threat detection logic. Conduct research on numerous topics, including security principles, host and network-based security technologies, machine learning algorithms, and mitigation techniques.
Configure and maintain Azure Sentinel workspaces, including data connectors, log collection, and alert rules, to optimize threat detection and analysis.
Collaborate effectively with incident response and threat intelligence functions to design, develop, and automate detection content . Operationalize Indicators of Compromise from intelligence feeds by developing, testing, and deploying monitoring and alerting rules within SIEM & Azure Sentinel.
Work closely with Security Engineering to streamline the onboarding of new data sources and collaborate with CTI personnel to develop meaningful use cases across diverse client networks.
Coordinate with technical architects to pinpoint and advocate for additional internal and external data sources to strengthen threat detection logic. Engage in research covering areas such as security principles, host and network-based security technologies, machine learning algorithms, and strategies for mitigation.
Qualifications and experience
BA/BS/BE or MS degree in IT, Computer Science or equivalent required.
7+ years of experience in one or more of the following areas: Threat Intelligence, Incident Response, Digital Forensics or Malware Analysis.
3+ years of experience in one or more of the following areas: detection engineering, proactive and reactive threat hunt techniques, security automation, incident response, digital forensics.
1+ years of experience with SOAR platforms such as FortiSOAR, Phantom, Cortex, XSOAR, Swimlane, etc.
Experience with SOC SOPs, playbooks, work instructions and/or other process documents.
Relevant professional certifications in information technology or cloud security e.g. SANS 508 (GCFA), SEC504 (GCIH) or equivalent.
In depth understanding of industry standard threat frameworks (Lockheed Martin Cyber Kill Chain, Diamond Model, MITRE ATT&CK).
Essential Job Functions
Perform threat hunting campaigns utilizing information on adversary tools, tactics & procedures (TTPs) and knowledge of how they manifest in security data sources & system telemetry.
Develop advanced alerting capabilities based on threat intelligence, post-incident findings, new threats, and vulnerabilities.
Develop Microsoft Sentinel content including Detection rules, Functions, Playbooks, LogicApps and Query Time Parser.
Specialize in Microsoft Azure Sentinel to enhance cloud security for our clients.
Integrate SOAR platform with other security tools and APIs through platform inbuilt apps and custom apps to execute automated workflows.
Build, Test, Deploy and Automate content in SIEM, NDR, EDR, etc. via security orchestration and automation playbooks/workbooks.
