The role holder is responsible for the continuous development of content management, correlation rules and reporting, providing technical insight into current and emerging threat activity based on threat modelling tools and techniques.Subject Matter Expert for Cyber Security monitoring, managing the delivery of all content management for detecting threats aligned with the Mitre Att&ck Framework and Cyber Kill Chain utilizing native Microsoft security monitoring solutions.* Ensure all continuous improvement such as adding new types of detection logic, use cases, intelligence and data enrichment feed and log type* Attend content meetings with IMSS operational team to review Security Incidents and collaborate on content tuning* Improve and challenge existing processes and procedures in a very agile global and fast-moving information security environment.Skills, Experience & Qualifications* Possesses experience with Microsoft Azure Security monitoring solutions including configuration and management of;Microsoft Azure SentinelMicrosoft Defender Advanced Threat Protection (MDATP)Microsoft Cloud App Security (MCAS)Azure Security Centre (ASC)Azure Advanced Threat Protection (AATP)* Solid understanding of log management (format, storage, transport, etc.) and different types of log sources* Experience with Azure and O365 management and security logging capabilities* Experience with content management and writing detection logic on security event platforms* Experience with Query Languages (e.g. KQL)* Scripting or programming experience in Python/Powershell* In depth knowledge of Linux OS and Windows OS* Understanding of security vulnerabilities in common operating systems, web and applications, including knowledge of remediation procedures.* Solid technical background in a hosted services environment - physical and cloud infrastructure, networks, hardware and software.* Experience with configuring and using automated monitoring tools* Experience integrating on premise and cloud solutions (Hybrid Azure Infrastructure).* Advanced understanding of information security, border protection, incident handling & response, forensics, endpoint protection & encryption* Experience of working in a high volume and result-oriented operational environment.* Experience of working in high performing teams and understand the dynamics of teamwork in a SOC environment.* Able to evaluate current people, processes, technology, and business drivers to improve the IMSS.* Strong ability to communicate write clearly and speak authoritatively to different audiences
Lorien Plc is acting as an Employment Agency in relation to this vacancy.
your application has been submitted