SPLUNK SIEM RULE/CONTENT DEVELOPER – Inside IR35
A cyber security services and platform company whose mission is to help its customers react faster and smarter, and stay ahead of security threats, by creating secure digital ecosystems. It automates processes to detect and prioritize threats early and to respond rapidly and decisively. Trusted by some of the world’s largest enterprises to create and maintain secure digital ecosystems using its comprehensive cyber security platform and mitigation services. This individual will operate within the Use Case Factory code and develop SIEM rule use cases based on design specifications provided by the SIEM Rule Designer.
- Implement SIEM code and logic rules per the specifications provided by the SIEM Rule Designer.
- Ensure that the output from the SIEM system is aligned to requirements for upstream applications (Incident Management Platform), and users (SOC analysts).
- Perform initial rule optimization (optimizing query performance, ordering conditions, and applying initial filtering to reduce false positives) prior to handoff to the Rule Tuning Engineer.
- Create all required Detection Rule Use Case documentation, to include test requirements and acceptance test criteria.
- Perform unit testing to ensure that alerts trigger as specified and that the output of the alert meets requirements.
- Support acceptance testing as needed.
Must-have skills:
- Regex development
- Kusto or SQL knowledge, including query optimisation
- Familiar with security technologies (Firewall, Proxy, Linux, Windows)
- SIEM system deployment
- Fluent in English
- Experience with SIEM Splunk
- Knowledge of security frameworks, e.g. ISO27000x, NIST
- Information Security and/or Information Technology industry certification (CISSP, CISA, CISM, GIAC or equivalent) would be desirable but is not essential
- Organized, with a proven ability to prioritize workload, meet deadlines, and use time effectively
- Good interpersonal and communication skills; works effectively as a team player
- Ability to function effectively in a matrix structure
- Strong facilitation, negotiation and conflict resolution skills
- Analytical skills