Job Description

:

S&P Global Corporate

The Role: SIEM Content Developer, Cyber Fusion Operations

The Team: You will be part of the SIEM Engineering which is responsible for developing detection code in SIEMs like Splunk, Azure Sentinel. You will be responsible for performing activities within the content life cycle, including creating new parsers/connectors and use cases, testing content; tuning, and removing content; and maintain associated documentation.

The Impact: As a Security Automation Engineer you would work with a team of talented security engineers & work on a strategy & mechanisms to detect and respond to threats faster, reduce manual labor costs, and improve overall security posture.

What\'s in it for you:

You will work closely with the Cyber Operations Team and engineering teams to improve and build new tailored high fidelity security detections.

Help to build threat detection framework and mature the detection engineering (both external & internal) and threat hunting program

Opportunity to work on a wide & industry leading Cyber technology stack.

Immense opportunity to learn new technologies & gain new skill set.

Responsibilities:

Develop custom content within the Splunk & Sentinel using advanced SPL/ KQL and data models or other network security tools to detect threats and attacks against the department.

Participate & Lead briefings to provide expert guidance on new threats and will act as an escalation point for SecOps on Detection techniques.

Develop advanced alerting capabilities based on threat intelligence, post-incident findings, new threats, and vulnerabilities.

Experience with creating and implementing content in EDR, SIEM, and SOAR

Stay informed on modern attack techniques and MITRE TTP\'s to integrate knowledge into new detections

Develop policies, standards and guidelines for threat detection and hunting.

Measure and track metrics for the detection engineering process to show progress towards goals and track gaps in detection coverage.

Enable compliance in teams and help them achieve some of the industry\'s best practices (e.g. NIST, ISO 27001)

Participate in Purple Team Exercises focusing on discovering improvement opportunities

Analyse network traffic using enterprise tools (e.g. Full PCAP, Firewall, Proxy logs, IDS logs, etc)

Stay up to date with latest threats and familiar with APT and common TTPs.

Utilize the Cyber Kill Chain and synthesize the entire attack life cycle.

Contribute to SOP development and updating.

What We\'re Looking For:

Candidates shall have a minimum of five (5) years of professional experience in security, information risk management, or information systems risk assessment, and must be knowledgeable in many areas such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Data Loss Prevention (DLP), Encryption, Two-Factor Authentication, Web-filtering, and Advanced Threat Protection.

Proficiency in scripting language (Python, Bash, Powershell) & Git.

Strong background in application and API architecture and development CICD (Jenkins, Docker, etc ) & DevSecOps

Understanding of MITRE ATT&CK, Cyber Kill Chain, NIST

Knowledge in operating centralized log analysis tools - Splunk, EDR Platforms etc

Experience with deploying custom-built and scalable security solutions & enterprise or open-source security tools - SIEM, IDS/IPS, EDR, FIM, PAM

Broad knowledge of Active Directory, Microsoft Security products, Identity Management, network security, endpoint security, cloud security, vulnerability management, security incident response and malware.

Understanding of cyber security and IT disciplines including networking, operating systems, authentication protocols, general enterprise network architecture, and security incident response.

Strong written and oral communication skills including the ability to communicate and interact effectively with users that do not have a security background and be a security spokesperson throughout the organization.

Basic Qualifications:

Bachelors or master\'s in computers, IT or equivalent experience.

5 years+ experience in threat detection & building detection logic utilizing security logs to detect malicious activity with high fidelity across a broad set of detection use cases

Proven experience in developing Security used case using SPL & KQL.

Preferred Qualifications:

Atleast one of the Certifications such as CEH, CySA+, CISSP.

Ability to be proactive in keeping yourself updated with security news/issues/breaches/tools/blogs on the internet

Experience with leveraging agile development lifecycle and methodology to operationalize detection engineering program

Experience with building detection signals in cloud environments (AWS/GCP)

Return to Work: Have you taken time out for caring responsibilities and are now looking to return to work? As part of our Return to Work initiative (link to career site page when available), we are encouraging enthusiastic and talented returners to apply, and will actively support your return to the workplace.

Grade/Level (relevant for internal applicants only): 10

The Location: Hyderabad, Gurgaon

About Company Statement: S&P Global delivers essential intelligence that powers decision making. We provide the world\'s leading organizations with the right data, connected technologies and expertise they need to move ahead. As part of our team, you\'ll help solve complex challenges that equip businesses, governments and individuals with the knowledge to adapt to a changing economic landscape.



Equal Opportunity Employer

S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to: and your request will be forwarded to the appropriate person.

US Candidates Only: The EEO is the Law Poster describes discrimination protections under federal law.

20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.1 - Middle Professional Tier I (EEO Job Group)

Job ID: 288850
Posted On: 2023-07-15
Location: Hyderabad, India

S&P Global