Perform implementation, maintenance, support and operation of the project's security monitoring use cases
Maintain understanding of the architecture and work with security team to understand the use cases to be created.
Identify, evaluate and recommend new areas of improvement for the implementation.
Adhere to the established change management process and other service management processes in day-to-day tasks
Create, fine-tune and maintain SIEM data sources, use cases, correlation rules and security alert classifications
Review, propose and generate dashboards and reports to automate monitoring of systems, log ingestion and threat intelligence feed ingestion, and to reduce low-value event escalations
Build rules and intelligence to detect threats in all monitored assets
Devise and implement detection methods for such threats in our security operations, through SIEM use cases and similar means
Perform periodic analysis of security events, network traffic and logs to engineer new detection methods, or to create efficiencies where available
Review and update data enrichment, including use of threat intelligence to enhance fidelity of detection
Review and maintain UEBA data sources and use cases
Requirements
At least 3 years of experience in security operations in a SOC environment
At least 2 years of experience in creating, fine-tuning and maintaining correlation rules and SIEM dashboards