About the role

Working within our Security Operations Centre, the focus of this role is the implementation of security monitoring, detection and response technologies across Redscan/Kroll’s client base. This involves developing, testing and deploying security content across EDR and SIEM technologies.

Apply here

Responsibilities

  • Develop, test and tune detections for various EDR technologies.
  • Develop, test and tune both detections and parsers for various SIEM technologies.
  • Develop and maintain a detection database in Sigma.
  • Be intelligence-led and develop detections to mitigate the latest threats.
  • Work with Offensive Security to validate detections and identify gaps in coverage.
  • Handle requests for new detections, determine the security value of those requests and clearly explain your decision to stakeholders.
  • Be an SME on audit logging and recommend configurations to customers.
  • Reduce false positives and improve the computational efficiency of existing content.
  • Work with customers to build effective whitelists and blacklists.
  • Understand and master data sources across a variety of categories including Windows, Linux, Active Directory, Privileged Access Management, Intrusion Detection/Prevention, Firewalls, Anti-Virus, Endpoint Detection & Response, Cloud Access Security Broking, Network Access Control, Application Control and Productivity Apps.
  • Collaborate with key stakeholders across the SOC, Threat Intelligence, Offensive Security, Sales Engineering, Engineering, Project, Product and Sales Teams.
  • Create scalable processes through automation.
  • Document designs and processes.

About you

Requirements

  • Understand prevailing threats and how to mitigate them with EDR and SIEM.
  • Experience writing detections for EDR and SIEM technologies.
  • Experience writing Regex.
  • Familiarity with the MITRE ATT&CK framework.
  • Understand security principles and practices.
  • Proven capability to learn and deliver to a high standard within deadlines.
  • Strong organisational skills and an ability to prioritise tasks from multiple stakeholders.
  • Ability to relay complex technical subject matter to non-technical stakeholders.
  • Demonstrable analytical and technical aptitude with focus on identifying and alleviating the root cause of a problem.
  • Proven ability to thrive and respond to frequent demands of multiple constituents, both internal and external, in a high demand, customer-centric environment.