Qualification & Experience:
We seek out curious minds! We value attention to detail! And we care deeply about outcomes!
We're looking for passionate people who are eager to learn, willing to share, and keen to establish innovative ways of working and to influence culture change.
A Bachelor's degree in Computer Science, Engineering, or a related field is required; a Master's in Information Security would be preferred.
Knowledge of writing parsing configurations in Splunk at the different levels (UF, HF, Indexer, Search Head) is mandatory.
Knowledge in writing regexes is mandatory.
Working knowledge with Splunk Phantom is preferred.
Strong knowledge of Python is mandatory. Experience with DevOps principles and dataset management is preferred.
Past experience working with L2/L3 SOC analysts, forensic analysts, or CERT team members is preferred.
Experience/knowledge of threat scenarios in multiple domains such as Windows, Network, Unix/Linux, Cloud (AWS/GCP), and Encryption is preferred.
Information Security and/or Information Technology industry certifications (OSCP, SANS GIAC, or equivalent) are preferred.
Splunk certifications such as Certified Advanced Power User, Certified Consultant, Splunk Enterprise Certified Architect, Certified Developer, and Enterprise Security Certified Admin are preferred.
Knowledge of SOC reference frameworks such as Sigma, STIX/TAXII, and MITRE ATT&CK is preferred.
Good interpersonal and communication skills; works effectively as a team player.
Experience in Agile, SAFe, and Scrum methodologies is preferred.
French language knowledge will be an added advantage.
Responsibilities:
Collaborate with team members to develop and guide investigation/remediation automations using Python.
Collaborate with different business stakeholders to onboard data on Splunk.
Collaborate with the SOC Infrastructure team to manage CI/CD pipelines and IaC.
Collaborate with UCF (Usecase Factory) to improve the overall detection scope for the SOC.
Contribute to the evolution and improvement of the SOC Use Case framework.
Collaborate with the UCF Lead and the Security & Application Architects to define and finalise SOC automation developments.
Ensure the SIEM platform is configured with detailed use case requirements and configuration details to implement the use cases, and that supporting SOC processes are in place.
Engage with the Head of SOC and the SDM Lead to prioritise SOC use case automation implementation schedules in an Agile & SAFe mode.
Collaborate with Use case factories to oversee automation deployments and developments.
Manage and work on CI/CD pipelines to deploy the automations.
Participate in security threat and monitoring forums to learn and keep abreast of the latest changes and good practices.