Threat Content Lead - Cybersecurity – Dubai
Summary
Splunk SME
Understanding of attacks and threats
Develop Query and define syntax in EDR
Hands-on developing content in Splunk
70% hands-on & 30% management
MSS Background is mandatory
Responsibilities
Implement and maintain detection capabilities across SIEM and EDR/XDR platforms.
Evaluate existing EDR/SIEM content to determine which content should be removed or updated to improve fidelity.
Leverage the MITRE ATT&CK framework, monitor the threat landscape and evaluate existing data sources to identify opportunities for new content development for detection and response.
Research and innovate new mitigation, detection, and response capabilities given input from industry trends, customer feedback, and personal research.
Support the onboarding of new data sources by developing relevant EDR/SIEM content.
Develop EDR/SIEM detection use cases and review them with relevant stakeholders, such as engineers and others.
Develop and maintain content catalog, including mapping to the MITRE ATT&CK framework, to improve the efficiency of deploying the security stack to new environments.
Document and communicate detection capabilities and gaps clearly and effectively, leveraging multiple industry frameworks including MITRE ATT&CK, the Cyber Kill Chain, and NIST.
Design, develop, and monitor various dashboards and reports that provide information on content coverage, alerting, and fidelity.
Collaborate with technology staff at varying levels of expertise to improve logging from various appliances and correct misconfigurations.
Assess customer needs and expectations, design solutions to meet those needs, and then implement the design.
Quickly build a solution to a problem using a new technology to determine its viability.
Serve as a primary responder for Managed Security customer systems, taking ownership of issues and tracking through resolution.