Siem Content Developer

IG is seeking someone with recent and demonstrated concentration in creating detection content and dashboards in Splunk ES for a SOC. As a SIEM Content Engineer you will help ensure today is safe and tomorrow is smarter. Our work depends on SIEM Content Engineer joining our team to enhance threat detection capabilities.

Day to Day / Description :

Content Development : Design, develop, and implement SIEM content, including correlation rules, alerts, dashboards, and reports to detect and respond to cybersecurity threats.

Log Source Integration : Integrate various log sources into the SIEM platform, ensuring accurate data ingestion, parsing, and normalization.

Threat Detection : Develop and fine-tune detection use cases to identify malicious activities, anomalies, and potential security incidents.

Incident Response : Collaborate with the incident response team to provide context and support for investigations, leveraging SIEM data and alerts.

Tuning and Optimization : Continuously optimize SIEM rules and content to reduce false positives and improve detection efficacy.

Compliance and Reporting : Create and maintain compliance-related content and reports to ensure adherence to regulatory and organizational requirements.

Threat Intelligence Integration : Integrate threat intelligence feeds into the SIEM to enhance detection capabilities with contextual threat data.

Documentation : Maintain comprehensive documentation for SIEM content, configurations, and procedures to ensure operational continuity and knowledge transfer.

Collaboration : Work closely with security analysts, SOC teams, and other stakeholders to understand their needs and improve SIEM content based on feedback and evolving threats.

Training and Mentoring : Provide training and mentoring to junior team members and security analysts on the use of SIEM tools and interpretation of SIEM alerts and reports.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity / affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and / or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal. com.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy : https : / / insightglobal.com / workforce-privacy-policy / .

Preferred Skills : PCAP analysis

Splunk

Azure

AWS

Education : Bachelor of Science

Required Experience :

10+ years experience

Required Technical Skills :

SIEM Platforms Proficiency : Expertise in Splunk SIEM

Scripting and Automation : Proficiency in scripting languages like Python, PowerShell, or Bash to automate tasks and develop custom SIEM content.

Log Management : Strong understanding of log management, including collection, parsing, and normalization of log data from various sources.

Security Analysis : In-depth knowledge of security analysis techniques, including threat detection, correlation, and incident investigation.

Networking Fundamentals : Solid understanding of network protocols, architectures, and devices to analyze network traffic and identify anomalies.

Threat Intelligence : Ability to integrate and utilize threat intelligence feeds to enhance SIEM content and detection capabilities.

Regular Expressions : Proficiency in using regular expressions for log parsing, data extraction, and pattern matching within SIEM tools.

Incident Response : Experience with incident response processes and the ability to support investigations using SIEM data.

Security Clearance Level :

MBI

Required Skills and Abilities :

Network Analysis

IDS

SIEM