
Splunk Content Developer

Requirements:

  • Minimum 3 years of experience in SIEM content development.
  • Proficiency with SIEM tools like Splunk, ArcSight, QRadar, or Nitro ESM.
  • Strong understanding of security frameworks such as MITRE ATT&CK.
  • Good knowledge of networking concepts and security technologies.

Roles & Responsibilities:

  • Develop and implement threat detection content and use cases for SIEM platforms.
  • Assist in process development and improvement for Security Operations.
  • Create custom security content based on threat intelligence and hunting results.
  • Identify gaps in security controls and propose enhancements.

Job description

  • Skillset: Splunk Content Developer
  • Experience: 7 to 12 Years (Relevant Experience only)
  • Location: PAN India
  • Notice Period: Immediate Joiners Only
  • Client: LTI


Roles and Responsibilities:
• Creating and implementing new threat detection content, rules and use cases to deploy in the SIEM platform with different data sets like Proxy, VPN, Firewall, DLP, etc.
• Assisting with process development and process improvement for Security Operations, including creation/modification of SOPs, Playbooks, and Work Instructions.
• Developing custom content based on threat intelligence and threat hunting results.
• Identifying gaps in the existing security controls and developing/proposing new security controls.
• SIEM engineering and knowledge of integrating various log sources with any SIEM platform.
• Custom parsing of logs being ingested into the SIEM platform.

Job Requirements:
• 3+ years of experience working in the field of content development, and experience in delivering and/or building content on any of the SIEM tools like Splunk, ArcSight, QRadar, Nitro ESM, etc.
• Deep understanding of the MITRE ATT&CK Framework.
• Experience in SOC incident analysis with exposure to information security technologies such as Firewall, VPN, Intrusion Detection tools, Malware tools, Authentication tools, endpoint technologies, EDR and cloud security tools.
• Good understanding of networking concepts.
• Experience interpreting, searching, and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation).
• In-depth knowledge of security data logs and the ability to create new content on advanced security threats on a need basis as per Threat Intelligence.
• Ability to identify gaps in the existing security controls.
• Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content.
• Experience with EDR tools like CrowdStrike and a good understanding of TTPs like Process Injection.
• Excellent communication, listening and facilitation skills.
• Ability to demonstrate an investigative mindset.
• Excellent problem-solving skills.

Preferred:
• Understanding of the MITRE ATT&CK framework.
• Demonstrable experience in use case / rule creation on any SIEM platform.
• Experience with Chronicle Backstory, YARA or CrowdStrike rules is a plus.

