Splunk SIEM Rule/Content Developer

Location: Europe

Description

CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.

CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.

This individual will operate within the CyberProof Use Case Factory code and develop SIEM rule use cases based on design specifications provided by the SIEM Rule Designer.

Key Responsibilities

  • Implement SIEM code and logic rules per the specifications provided by the SIEM Rule Designer.
  • Ensure that the output from the SIEM system is aligned to requirements for upstream applications (Incident Management Platform), and users (SOC analysts).
  • Perform initial rule optimisation (query performance, condition ordering, initial filtering to reduce false positives, etc.) prior to handoff to the Rule Tuning Engineer.
  • Create all required Detection Rule Use Case documentation, to include test requirements and acceptance test criteria.
  • Perform unit testing to ensure that alerts trigger as specified and that the output of the alert meets requirements.
  • Support acceptance testing as needed. 

Requirements

Must-have Skills:

  • Regex development
  • Kusto or SQL knowledge, including query optimisation
  • Familiarity with security technologies (Firewall, Proxy, Linux, Windows)
  • SIEM system deployment
  • JSON
  • Fluent in English

Desired Skills:

  • Experience with SIEM Splunk
  • Knowledge of security frameworks, e.g. ISO27000x, NIST, etc.
  • Information Security and/or Information Technology industry certification (CISSP, CISA, CISM, GIAC or equivalent) would be desirable but is not essential
  • Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively
  • Good interpersonal and communication skills, works effectively as a team player
  • Ability to function effectively in a matrix structure
  • Strong facilitation, negotiation and conflict resolution skills
  • Analytical skills