Must be able to obtain Negative Vetting Level 1
The department requires an experienced cyber security engineer to assist with the following deliverables:
- Develop and maintain SIEM alerts and dashboards to aid with threat detection.
- Work with Security Analysts to understand, develop and maintain automatic detection and response capabilities using available SOAR capabilities.
- Utilise available threat intelligence to enrich alerts.
- Develop and maintain team SOPs and playbooks for SIEM management and configuration, including alert exclusions and alert tuning.
- Assist with the upkeep of the SecOps environment where needed.
Essential criteria
- Demonstrated experience managing/maintaining logging and SIEM technologies
- Demonstrated knowledge of cyber security principles and processes in a defensive context
- Demonstrated ability to develop alerting rules and dashboards to assist with threat detection and incident response.
- Ability to learn and understand how the operating environment functions normally and effectively identify anomalies when they occur
- Demonstrated experience with development practices and DevOps pipelines.
Desirable criteria
- Experience with Azure Sentinel, Kusto Query Language (KQL) and Azure logging mechanisms
- Experience with Microsoft’s suite of security tools, including Azure Security Centre, Microsoft 365, and Microsoft ‘Defender for’ tools (Endpoint, Identity, etc.)
- Experience managing a Windows environment, including patching, Active Directory and Group Policy management.
- Experience utilising threat intelligence services and tools such as MISP to enrich data and alerts that originate from SIEM and logging tools such as Syslog-ng