Associate, Threat Detection Content Development Analyst
Be among the first applicants.
Ensign InfoSecurity
Makkah Al Mukarramah
SAR 150,000 - 200,000
2 days ago
Job description
Ensign InfoSecurity
Empowering you with the region’s largest pure-play cybersecurity expertise & innovation. Your partner in confronting the challenges of the digital world.
Responsibilities
Manage common threat detection use case library.
Monitor the threat landscape and generate threat detection content for the latest threats, distributing it among CSOCs efficiently and in a timely manner.
Actively support threat detection rule/dashboard creation process in CSOCs under SOCaaS, update common threat detection use case library and redistribute the content across all applicable CSOCs.
Work on use case development tasks raised as a result of analyst threat hunt findings, across all CSOCs under SOCaaS.
Actively support SIEM use case management process across all CSOCs under SOCaaS.
Analyse log sources onboarded to SIEMs, understand capabilities of deployed technical controls and develop new effective threat detection content.
Leverage internal and external resources to research threats, vulnerabilities and intelligence on various threat actors, exploitation tools and platforms, and generate high-fidelity threat detection content.
Use an analytics platform to identify threats in the available information repositories.
Perform threat research to identify potential threat vectors and work with multiple disciplines to improve prevention and detection methods.
Support SOC directors to identify gaps in CSOC threat detection rules, telemetry and logging capabilities and propose enhancement plans to achieve improved detection capabilities.
Actively take part in CSOC automation cadence and suggest ideas to improve analyst efficiency and investigation accuracy.
Requirements
Bachelor's Degree in Computer Engineering, Computer Science, Cyber Security, Information Security or equivalent.
In-depth understanding of Sigma.
Skilled in threat hunting.
In-depth understanding of the MITRE ATT&CK framework.
Ability to communicate with multiple stakeholders with clarity.
Thorough understanding of the functionality of cloud platforms, firewalls, IPS, EDR, proxies, GitLab, APIs and SIEM.
Good understanding of Windows and Linux/macOS.
Curious mindset, drive to acquire new knowledge/skills and apply the knowledge to solve problems.
Scripting knowledge of Python, Go, PowerShell or Bash.
Preferred Skills / Qualities
Regularly keeps up with infosec affairs and the threat landscape, with exposure to well-known threat actors.
Self-starter and independent in threat research activities.
Able to build and use a personal mini test lab from scratch.
Ability to show proficiency in one or more regional languages and dialects.
Clarity of communication, ability to listen to stakeholders and translate conversations into technical requirements.