About the role
Working within our Security Operations Centre, the focus of this role is the implementation of security monitoring, detection and response technologies across Redscan’s ThreatDetect client base. This involves designing, developing and deploying security content across both SIEM and EDR technologies.
- Design, configure, test and tune security content, including threat detection rules, responses, parsers, processing rules and reports across EDR and SIEM technologies.
- Interact with customers to understand their environment and effectively build whitelists, blacklists, asset lists and high-fidelity detection rules.
- Understand and master data sources across a variety of categories including Windows, Linux, Active Directory, Privileged Access Management, Intrusion Detection/Prevention, Firewalls, Anti-Virus, Endpoint Detection & Response, Cloud Access Security Broking, Network Access Control, Application Control and Productivity Apps.
- Collaborate with key stakeholders across the SOC, Threat Intelligence, Red Team, Engineering, Project, Product and Sales Teams.
- Automate manual processes.
- Document designs and processes.
- Strong interest in security and the drive and desire to learn.
- Understanding of security principles and practices.
- Understanding of EDR and SIEM technologies.
- Experience with Regex, Python and JQ is desirable.
- Proven capability to learn and deliver to a high standard against tight deadlines.
- Strong organisational skills and an ability to prioritise tasks from multiple stakeholders.
- Ability to relay complex technical subject matter to non-technical decision makers.
- Demonstrable analytical and technical aptitude, with a focus on identifying and alleviating the root cause of issues in order to solve problems.
- Proven ability to thrive and respond to the frequent demands of multiple constituents, both internal and external, in a high-demand, customer-centric environment.