Job Description
Help AG is looking for a talented and experienced Senior Security Engineer (Threat Content) who will be responsible for the creation of procedures, implementation of process development, and maintenance of threat content across internal and client environments. The Engineer will work closely with management, content team, other security engineers, and clients to complete high profile, critical services to existing Managed Security Service clients.
This position will be based in Dubai, UAE and will be responsible for enhancing detection content for the Cyber Security Operations Center (CSOC). This requires curiosity, creativity, and critical thinking skills, as well as attention to detail along with great organizational skills, and the ability to work in a highly collaborative work environment. The individual will also focus on mapping existing content to the MITRE ATT&CK framework, proposing new content development opportunities and collaborating with CSOC team members to tune existing content and create and enhance operational documentation, to assist members of the content team, the detection team and the engineering team.
Responsibilities
- Implement and maintain detection capabilities across SIEM and EDR/XDR platforms.
- Evaluate existing EDR/SIEM content to determine which content should be removed or updated to improve fidelity.
- Leverage the MITRE ATT&CK framework, monitor the threat landscape and evaluate existing data sources to identify opportunities for new content development for detection and response.
- Research and innovate new mitigation, detection, and response capabilities given input from industry trends, customer feedback, and personal research.
- Support the onboarding of new data sources by developing relevant EDR/SIEM content.
- Develop EDR/SIEM detection uses cases and review with relevant stakeholders, such as engineers, and others.
- Develop and maintain content catalog, including mapping to the MITRE ATT&CK framework, to improve the efficiency of deploying the security stack to new environments.
- Document and communicate detection capabilities and gaps clearly and effectively leveraging multiple industry frameworks including MITRE ATT&CK, the Cyber Kill Chain, and NIST.
- Design, develop, and monitor various dashboards and reports that provide information on content coverage, alerting, and fidelity.
- Collaborate with technology staff at varying levels of expertise to improve logging from various appliances and correct misconfigurations.
- Assess customer needs and expectations, design solutions to meet those needs, and then implement the design.
- Quickly build and solve a problem using a new technology to determine viability.
- Serve as a primary responder for Managed Security customer systems, taking ownership of issues and tracking through resolution.
- Competent Splunk administration experience, expertise:
- Developing new or extending existing Apps to perform specialized functionality.
- Integrating Splunk with a wide variety of legacy data sources.
- Engaging application and infrastructure teams to establish best practices for utilizing Splunk data and visualizations.
Qualifications & Skills
- Minimum 8 years of professional experience supporting and maintaining threat content and as well as SPLUNK SIEM System is mandatory.
- Experience and knowledge of SIEM is essential.
- 6 years of experience with advanced tuning of SIEM content (preferably Splunk)
- Professional experience working with networks and networks architecture.
- College degree or equivalent training with experience working in a Security Operations Center and/or Managed Security.
- Information security knowledge in one or more areas such as EDR – Enterprise end-point security products (e.g., McAfee e-Policy Orchestrator, Virus Scan, Anti-Spyware, Host Data Loss Protection, Endpoint Encryption, etc.)
- Practical hands-on experience in EDR (Carbon Black), Vectra, and Microsoft Azure.
- Splunk, Azure Log analytics, or equivalent big data engine experience.
- Experience with MS Azure Information Protection and technologies, including solution architecture, deployment, management, and support in a large global enterprise.
- General security knowledge, certificates in Splunk Admin, Splunk Architect, Splunk Consultant is a must. Also, good to have are Azure, Managed vulnerability (Nessus/Tenable), EDR (Carbon Black) and Firewall related security certifications.
- Knowledge of Linux and Windows Operating systems.
- Experience with various other SIEM security products such as: Splunk, ArcSight, Nitro, or LogRhythm and infrastructure components such as proxies, firewalls, IDS/IPS, and DLP.
- Experience working with clients in a service delivery function.
- Shift flexibility, including the ability to provide after-hours support when needed.
- Experience working with internal and client ticketing and knowledge base systems for Incident and Problem tracking as well as procedures.
Benefits
- Health insurance with one of the leading global providers for medical insurance.
- Career progression and growth through challenging projects and work.
- Employee engagement and wellness campaigns activities throughout the year.
- Excellent learning and development opportunities.
- Inclusive and diverse working environment.
- Flexible/Hybrid working environment.
- Annual flight tickets to home country.
- Open door policy.
About Us
Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and provides leading enterprise businesses across the Middle East with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements, enabling them to evolve securely with a competitive edge.
Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in 2020, hence creating a cybersecurity and digital transformation powerhouse in the region.
Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor-agnostic, trustworthy, independent, and maintaining its focus on all aspects of cybersecurity. With best of breed technologies from industry-leading vendor partners, expertly qualified service delivery teams and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.