Job Description

Work closely with SIEM Content Engineering service to ensure close alignment in the alerting and orchestration. Work closely with service architect to map integrations and dependencies across security tools (e.g., Splunk, Tanium, Anomali), JIRA, and APIs. Conduct training sessions on new playbooks and integration with operations personnel. Ensure proper documentation is created and maintained for playbooks, integrations, and interfaces. Run daily agile sessions, sprint planning, and demos in the absence of product / program manager. Support the Cyber Threat Use Case Manager, Cyber Defence Analysts, and Threat Intel Analysts in designing and implementing threat use cases. Develop and gather requirements for threat use cases to detect adversary behaviours. Maintain the threat use case library to ensure use cases are properly enriched, mapped to Mitre Att&ck, and operating correctly. Work closely with Threat Intelligence, Cyber Defense Center, and business stakeholders to identify potential threat scenarios and translate them into threat use cases. Work closely with other service lines to continuously enhance threat use cases as new products, logs, and capabilities are introduced to the organization. Identify and improve orchestration, data enrichment and triage capabilities through SOAR platform. Ensure proper documentation is created and maintained for playbooks, integrations, and interfaces. Primary Skill SOAR Python Playbooks Secondary Skills Excellent written and verbal communication skills. Ability to multi task, prioritize, coordinate, work well under pressure and meet deadlines.

Monster