SIEM Rule Expert (Use Case Arch-Designer)
Location: United Kingdom
CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter, and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.
CyberProof is part of the UST family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.
CyberProof is seeking a SIEM rule expert
So what you will be doing:
- Lead use case workshops with Customer
- Identify use cases that are applicable to be created, based on the data sources in scope
- Advise customer of any additional data sources or data types that need to be monitored
- Provide use case documentation for the agreed use cases with all necessary information
- Create and document response procedures for each use case, aligned to the Customer IR process
- Define use case acceptance criteria and develop test plan
- Perform use case testing to validate use cases are operational as defined
- Provide training to Customer SOC analysts on the use cases and the response procedures
- Identify areas for optimizing use cases and fine tune threat detection logic
- Provide hypercare support during use case fine tuning phase after handover to SOC
Key Responsibilities for the Risk Analyst
- Provide consulting and advisory services on business and cyber risk management. Directly lead, manage and take part in customer value workshops for the selection and design of use cases and use case value assessments, mapping each use case back to enterprise business and cyber risk and to the MITRE ATT&CK framework (Tactics, Techniques and Procedures).
- Apply an extensive background in risk management to work with customers to identify the top business risk areas that are linked to cyber activity.
- Demonstrate how to map these cyber risks to the specific attack techniques that realize them and to use-case-based mitigation methods.
- Create use case specifications that include required log sources, detection logic, event flow architecture, event source configuration requirements, and response requirements, so that the impact of a technique stays within acceptable limits.
- Conduct a thorough knowledge acquisition process and a series of workshops with customers.
- Work closely with the customer service owner to carry out risk and gap analysis, define use cases to mitigate the identified risks, prioritize those use cases, identify the data sources and security events to collect, and then create the necessary use case requests (use case specification documents) for development of the use cases.
- Assist the sales teams, Service Delivery Managers, and Technical Account Managers in leading and managing customer workshops on use cases.
- Work with use case analysts and advise the SOC on use case requests and use case upgrades.
- Provide progress updates to customers and Use Case Stakeholders.
Must have Skills:
- Minimum of 10 years of experience in Information Security.
- Understanding of event logging and SIEM technologies.
- Thorough understanding of risk management principles (risk registers, cyber risks, etc.)
- Fundamental understanding of Incident Management and Security Operations.
- Demonstrated process orientation and ability to manage complex tasks.
- Minimum of 10 years of experience in customer-facing roles.
- Strong communicator and fluent in English.
- Security Assessment consulting.
- Any of the following certifications are a plus: CISSP, C|EH, CISA, CISM, C|CISO, GIAC (any), CompTIA Security+, NCSF, CCSP.
- Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively.
- Excellent interpersonal and communication skills; works effectively as a team player.
- Ability to function effectively in a matrix structure
- Strong facilitation, negotiation and conflict resolution skills
- Analytical skills