The Senior Cyber Threat Detection Engineer is responsible for the design and creation of threat detection use cases, logging standards, and support of the log transportation infrastructure and SIEM.
- Support and maintain the SIEM, data analytics and supporting logging infrastructure.
- Build and enhance the detection capabilities of Security Operations through the design, implementation and ongoing tuning of detection rules within the SIEM.
- Drive creation, maintenance, and documentation of logging standards.
- Design, build and maintain Cyber Threat Detection tooling.
- Leverage knowledge of cyber threat TTPs to inform the design of detection rules.
- Manage the intake of log sources into the SIEM and data analytics solutions.
- Create and maintain operational documentation to support the SIEM and data analytics platforms.
- Build and maintain dashboards and reporting to demonstrate platform performance.
- Experience with administration of a SIEM.
- Knowledge of common logging formats and methods of transporting logs across a network.
- Experience managing logging infrastructure from operating systems through to application.
- Knowledge of cloud technologies including AWS and Azure.
- Understanding of the creation of logging standards and requirements to meet organization and regulatory requirements.
- Knowledge of information security protection, detection and authentication systems (firewalls, IDS, IPS, Anti-Virus, Active Directory, etc.).
- Strong working knowledge of networks including the TCP/IP stack, typical organisation architectures, and common protocols abused by malware.