St Engineering Info-security Pte. Ltd

Cybersecurity Threat Content Developer (DSC/JH)

Job Type: Full Time


Job Description - Cybersecurity Threat Content Developer (DSC/JH)

We are seeking an experienced security professional responsible for scoping the requirements of prospective Managed Security Services (MSS) customers and provisioning new client services into our MSS systems (on-prem and cloud environments). After provisioning, you will continue to review the onboarded logs, use cases and monitoring metrics with the clients. This role may work with multiple clients at any one time and will be instrumental in ensuring new clients are provisioned smoothly and efficiently. You will work closely with the customer success manager and service delivery manager to be successful in this role.

 

Scope

  • Perform log parsing and event mapping, and create custom parsers, so that logs are recognised by the Security Information and Event Management (SIEM) system.
  • Perform analysis of network traffic and create correlation rules in the SIEM.
  • Continuously monitor and analyse the performance of existing use cases and fine-tune detection rules to reduce false positives.
  • Create comprehensive documentation for all developed use cases, ensuring clear guidelines for use and maintenance.
  • Collaborate with Security Analysts on investigation of detected threats and anomalies.
  • Collaborate with the Security Orchestration, Automation and Response (SOAR) team to escalate alerts to customers for further investigation.
  • Collaborate with Threat Intelligence and Digital Forensics teams to translate threat bulletins and forensic findings into actionable detection use cases.
  • Coordinate with the Deployment team and customers to deploy collectors and agents in the on-prem and cloud networks for data collection and forwarding.
  • Collaborate with Deployment teams to onboard customer log sources into our SIEM system to support detection use cases.
  • Collaborate with Customer Success Managers and Security Leads to develop reports and visualisations for customers.
  • Configure detection rules and monitoring use cases for the customer and achieve sign-off.

 

Requirements

  • Technical expertise with the configuration of various log-sending devices, custom parsers and SIEM tools.
  • Technical expertise with log collectors and the ability to troubleshoot log ingestion issues for various log-sending devices.
  • Hands-on experience with popular SIEM platforms such as Splunk, QRadar, MS Sentinel, Chronicle, Elastic, Stellar.
  • Familiarity with cloud infrastructure and cloud-based SIEM, including ingesting log data from cloud storage into the SIEM. (Candidates with a related cloud certification, i.e. AWS certification SysOps Administrator – Associate, have an added advantage.)
  • Familiar with MITRE Framework
  • Familiar with Sigma Rules
  • Familiar with Mongo Database
  • Experienced in Python Programming
  • Excellent troubleshooting and analytical skills
  • Attention to detail and ability to communicate well in a professional manner.
  • Previous experience with provisioning and integrating environments.
  • 3+ years of network security experience working with enterprise clients preferred.
  • Ability to interpret the complexity of technical problems.
  • Reliability to maintain focus on contracted deliverables at all times.
  • Excellent interpersonal, co-ordination and problem-solving skills.
  • High level of initiative, accountability, professional diligence, attention to detail and ability to follow process.
  • Ability to work independently, as well as being able to work as part of a team in a pressured environment.
  • Proactive, flexible attitude to work with an open mind to be exposed to different job scopes in varying degrees, and willingness to constantly review and improve skills and process.
  • Candidates with certifications (CISSP, GCIH, OSCP) would be preferred

 

Work location: Ang Mo Kio

Original job Cybersecurity Threat Content Developer (DSC/JH) posted on GrabJobs.
Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.