About the role
Working within our Security Operations Centre, the focus of this role is the implementation of security monitoring, detection and response technologies across Redscan/Kroll’s client base. This involves developing, testing and deploying security content across EDR and SIEM technologies.
- Develop, test and tune detections for various EDR technologies.
- Develop, test and tune both detections and parsers for various SIEM technologies.
- Develop and maintain a detection database in Sigma.
- Be intelligence-led and develop detections to mitigate the latest threats.
- Work with Offensive Security to validate detections and identify gaps in coverage.
- Handle requests for new detections, determine the security value of those requests and clearly explain your decision to stakeholders.
- Be an SME on audit logging and recommend configurations to customers.
- Reduce false positives and improve the computational efficiency of existing content.
- Work with customers to build effective whitelists and blacklists.
- Understand and master data sources across a variety of categories including Windows, Linux, Active Directory, Privileged Access Management, Intrusion Detection/Prevention, Firewalls, Anti-Virus, Endpoint Detection & Response, Cloud Access Security Broking, Network Access Control, Application Control and Productivity Apps.
- Collaborate with key stakeholders across the SOC, Threat Intelligence, Offensive Security, Sales Engineering, Engineering, Project, Product and Sales Teams.
- Create scalable processes through automation.
- Document designs and processes.
- Understand prevailing threats and how to mitigate them with EDR and SIEM.
- Experience writing detections for EDR and SIEM technologies.
- Experience writing Regex.
- Familiarity with the MITRE ATT&CK framework.
- Understand security principles and practices.
- Proven capability to learn and deliver to a high standard within deadlines.
- Strong organisational skills and an ability to prioritise tasks from multiple stakeholders.
- Ability to relay complex technical subject matter to non-technical stakeholders.
- Demonstrable analytical and technical aptitude with focus on identifying and alleviating the root cause of a problem.
- Proven ability to thrive and respond to frequent demands of multiple constituents, both internal and external, in a high demand, customer-centric environment.
- Bachelor's or Master's degree (preferable)