SOC Cyber Security Content Specialist
CR, Asuncion De Belen
1 day ago

Job Description:

Well-rounded IT professional needed to own and evolve the governance framework for driving security content into the next generation Security Information and Event Management (SIEM) platform.

This position is responsible for generating content and rules to be consumed by SIEM. May include using traditional SIEM tools as well as mining data out of large data lakes for correlation.

Candidate must be adaptable, and demonstrate the ability to understand, assess and implement new technologies. Strong organizational, document management, and communication skills required.

Big picture thinking coupled with deep security knowledge and the ability to perform hands-on engineering tasks. Able to understand and solve business problems while managing associated risks and compliance requirements.

Primary tasks include, but are not limited to:

  • Content Development (rules, lists, reports, queries, dashboards, etc.) in SIEM
  • Event correlation analysis on very large data sets in SIEM or data lakes
  • Technical generation and implementation of rules (use cases) from conceptual documented requirements
  • Tuning to reduce or eliminate false positives in SIEM solution
  • Provide documentation of all rules, content, and workflow integrated with the system
  • Provide training to global team members on the rules, content and workflows
  • Fostering a clear understanding of business direction and strategy to help drive content decisions within the SIEM and Open Source Platforms
  • Working with relevant project leads, assess the impact to the content as a result of on-boarding and off-boarding, and changes to, security devices across the evolving customer environment
  • Testing of new content rules, adding, changing or removing rules, and documenting the content rules
  • Providing reports on a monthly basis or ad hoc communicating the changes in the content in the SIEM platform
  • Coordinating Content Validation Testing in a blue team / red team approach, working with the test team to ensure content rules remain effective as well as remediating issues when they are discovered
  • Applying cyber threat intelligence from internal and external sources to the existing content library to perform gap analysis focused on identifying the need for expansion of the existing content library
  • Gathering, analyzing, understanding and applying contextual and business information supporting the function of the 3M Information Security Risk & Compliance Security Operation Center
  • Contribute to support and maintaining additional reports and metrics across the content components of the Managed Security Services Program
  • Active participation in, and input to, 3M’s overall regulatory compliance

Required Experience:

  • 5+ years working within information security
  • 3+ years SIEM Content Development experience
  • Strong experience with SIEM and log management technologies (Arcsight, ELK, etc.)
  • Strong analysis and design skills with the ability to devise creative technical solutions
  • Ability to convey a strong presence, professional image, and deal confidently with complex technical problems
  • Understanding of Linux and Windows OS
  • Strong experience with Java, Python, and Perl scripting
  • Relational database experience
  • Understanding of big data solutions
Nice to have:

  • 5+ years SIEM Content Development experience
  • Experience working with RESTful APIs
  • Understanding of Data Lakes (Hadoop, ELK)
  • Understanding of Automation Orchestration frameworks
  • Experience integrating new log sources and data correlation rules into the SIEM
  • Understanding of Open Source data lake solutions
  • Knowledge of security analytics
  • Experience working in a customer facing role, preferably manufacturing
  • Preferably 7+ years of experience within the information security field
  • Professional certifications such as CEH, CISSP, etc.