Develop and implement SIEM use cases using Splunk Enterprise Security and Azure/MCAS.
Thoroughly document implementations for the client through technical documentation and playbooks.
Categorize SIEM use cases using the MITRE ATT&CK framework, participate in purple-team testing, and ensure successful implementation.
Develop use cases in cloud and on-prem SIEMs to detect advanced threats, threat-actor techniques, and anomalous or suspicious activity, identifying potential and active risks to systems and data.
Design and drive technical plans toward security analytics management objectives, such as integrating events from cloud and on-prem platforms into the enterprise SIEM, implementing use cases and policies, developing net-new security use cases to support Security Logging & Monitoring and UEBA, and accounting for the effect of the evolving threat landscape on the existing set of security use cases.
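A stand-alone prototype of one such use case, added here as an illustration and not part of the job description or any client's implementation: a password-spraying detection (MITRE ATT&CK T1110.003, Brute Force: Password Spraying) run over constructed authentication events. The use case carries the technique ID and tactic a detection engineer would record in the playbook and attach to the resulting notable, and a suppression list stands in for the tuning step. In Splunk Enterprise Security this logic would live in a scheduled correlation search; the log format, field names, thresholds and the suppressed scanner address below are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (illustrative, not real data): one source
# failing against six accounts in a burst, one user mistyping twice before a success,
# and an internal scanner that is noisy but already known to the SOC.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z host=vpn1 src=203.0.113.7 user=alice action=failure
2024-05-01T10:00:03Z host=vpn1 src=203.0.113.7 user=bob action=failure
2024-05-01T10:00:05Z host=vpn1 src=203.0.113.7 user=carol action=failure
2024-05-01T10:00:07Z host=vpn1 src=203.0.113.7 user=dave action=failure
2024-05-01T10:00:09Z host=vpn1 src=203.0.113.7 user=erin action=failure
2024-05-01T10:00:11Z host=vpn1 src=203.0.113.7 user=frank action=failure
2024-05-01T10:00:13Z host=vpn1 src=203.0.113.7 user=frank action=success
2024-05-01T10:01:00Z host=vpn1 src=198.51.100.4 user=grace action=failure
2024-05-01T10:01:20Z host=vpn1 src=198.51.100.4 user=grace action=failure
2024-05-01T10:01:40Z host=vpn1 src=198.51.100.4 user=grace action=success
2024-05-01T10:02:00Z host=vpn1 src=10.10.10.10 user=svc1 action=failure
2024-05-01T10:02:10Z host=vpn1 src=10.10.10.10 user=svc2 action=failure
2024-05-01T10:02:20Z host=vpn1 src=10.10.10.10 user=svc3 action=failure
2024-05-01T10:02:30Z host=vpn1 src=10.10.10.10 user=svc4 action=failure
2024-05-01T10:02:40Z host=vpn1 src=10.10.10.10 user=svc5 action=failure
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) action=(?P<action>failure|success)$"
)

# Use-case definition in the shape a detection playbook would record it: what it
# detects, the ATT&CK mapping, the thresholds, and the tuning (suppressed sources).
# Thresholds and the suppressed address are assumed values for this example.
PASSWORD_SPRAY = {
    "name": "Password spraying from a single source",
    "mitre_attack": ["T1110.003"],     # Brute Force: Password Spraying
    "tactic": "Credential Access",
    "window": timedelta(minutes=10),
    "min_distinct_users": 5,
    "suppress_src": {"10.10.10.10"},   # assumed: authorised vulnerability scanner
}


def parse(text):
    """Parse the constructed key=value format into event dicts; skip non-matching lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect(events, use_case=PASSWORD_SPRAY):
    """Emit one notable per source whose failures reach min_distinct_users within the window."""
    failures = defaultdict(list)
    for ev in events:
        if ev["action"] == "failure" and ev["src"] not in use_case["suppress_src"]:
            failures[ev["src"]].append(ev)

    notables = []
    for src in sorted(failures):
        evs = sorted(failures[src], key=lambda e: e["ts"])
        best, start = None, 0
        for end, ev in enumerate(evs):
            # Advance the window start until the span is at most `window` wide.
            while ev["ts"] - evs[start]["ts"] > use_case["window"]:
                start += 1
            users = {e["user"] for e in evs[start:end + 1]}
            if len(users) >= use_case["min_distinct_users"] and (
                best is None or len(users) > len(best["users"])
            ):
                best = {"users": users, "first": evs[start]["ts"], "last": ev["ts"]}
        if best is not None:
            notables.append({
                "rule": use_case["name"],
                "mitre_attack": use_case["mitre_attack"],
                "tactic": use_case["tactic"],
                "src": src,
                "distinct_users": len(best["users"]),
                "users": sorted(best["users"]),
                "first_seen": best["first"].isoformat(),
                "last_seen": best["last"].isoformat(),
            })
    return notables


def run(text=SAMPLE_LOGS, use_case=PASSWORD_SPRAY):
    return detect(parse(text), use_case)


if __name__ == "__main__":
    for notable in run():
        print(notable)
```

Running it yields a single notable for 203.0.113.7 (six distinct accounts in ten seconds); grace's two typos stay below the distinct-user threshold and the scanner is tuned out by the suppression list. Removing the suppression entry surfaces the scanner as a second notable, which is the kind of tuning decision the playbook should document alongside the ATT&CK mapping.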
Minimum of 3 years' relevant working experience in information security, cybersecurity, data protection or a related field.
Understanding of the capabilities of Splunk, Splunk Enterprise Security and Splunk User Behavior Analytics, and of the Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure platforms.
Experience in security event management, security information and event management (SIEM) and/or security analytics configuration and management, security use case development and tuning, operational management, and administration.
Industry certifications such as CEH, GCIA, GSEC, CISM or Splunk certifications are beneficial.
If you are a suitable candidate, feel free to write in to Andrea Soh.