Siem Rule Content Developer
CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.
CyberProof is part of the UST family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.
CyberProof is seeking a SIEM Expert join our UCF team.
This individual will operate within the CyberProof Use Case Factory code and develop SIEM rule use cases based on design specifications provided by the SIEM Rule Designer.
- Experience with SIEM Azure Sentinel/Splunk/Qradar
- Implement SIEM code and logic rules per the specifications provided by the SIEM Rule Designer.
- Ensure that the output from the SIEM system is aligned to requirements for upstream applications (Incident Management Platform), and users (SOC analysts).
- Perform initial rule optimization (optimisation being optimizing query performance, condition ordering, initial filtering to reduce false positives etc.), prior to handoff to the Rule Tuning Engineer.
- Create all required Detection Rule Use Case documentation, to include test requirements and acceptance test criteria.
- Perform unit testing to ensure that alerts trigger as specified and that the output of the alert meets requirements.
- Support acceptance testing as needed.
Must have Skills:
- Regex development
- Kusto or SQL knowledge, including query optimisation
- Familiar with security technologies (Firewall, Proxy, Linux, Windows)
- SIEM system deployment
- Fluent in English
- Knowledge of the Security Frameworks e.g. ISO27000x, NIST etc.
- Information Security and/or Information Technology industry certification (CISSP, CISA, CISM, GIAC or equivalent)
- Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively
- Good interpersonal and communication skills, works effectively as a team player
- Ability to function effectively in a matrix structure
- Strong facilitation, negotiation, and conflict resolution skills
- Analytical skills