Cybersecurity Threat Content Developer (DSC/JH)

ST ENGINEERING INFO-SECURITY PTE. LTD
Singapore
SGD 60,000 - 80,000
Job description

We are seeking an experienced security professional responsible for scoping prospective Managed Security Services (MSS) customers' requirements and provisioning new client services into our MSS systems (on-prem and cloud environments). Post provisioning, you will continue to review the onboarded logs, use cases, and monitoring metrics with the clients. This role may work with multiple clients at any one time and will be instrumental in ensuring new clients are provisioned smoothly and efficiently. You will work closely with the customer success manager and service delivery manager to be successful in this role.

Scope

  • Perform log parsing and event mapping, as well as create custom parsers, to allow logs to be recognized by Security Information and Event Management (SIEM).
  • Perform analysis of network traffic and create correlation rules in SIEM.
  • Continuously monitor and analyze the performance of existing use cases and fine-tune detection rules to reduce false positives.
  • Create comprehensive documentation for all developed use cases, ensuring clear guidelines for use and maintenance.
  • Collaborate with Security Analysts on the investigation of detected threats and anomalies.
  • Collaborate with Security Orchestration, Automation and Response (SOAR) team to escalate alerts to customers for further investigation.
  • Collaborate with Threat Intelligence and Digital Forensics teams to translate threat bulletins and forensic findings into actionable detection use cases.
  • Coordinate with the Deployment team and customers to deploy collectors and agents in the on-prem and cloud network for data collection and forwarding.
  • Collaborate with Deployment teams to onboard customer log sources into our SIEM system to support detection use cases.
  • Collaborate with Customer Success Managers and Security Leads to develop reports and visualizations for customers.
  • Configure detection rules and monitoring use cases for the customer and obtain customer sign-off.

Requirements

  • Technical expertise with the configuration of various log-sending devices, custom parsers, and SIEM tools.
  • Technical expertise with log collectors and the ability to troubleshoot log ingestion issues for various log-sending devices.
  • Hands-on experience with popular SIEM platforms such as Splunk, QRadar, MS Sentinel, Chronicle, Elastic, Stellar.
  • Familiarity with cloud infrastructure and cloud-based SIEM, including ingesting log data from cloud storage into the SIEM. (Candidates with a related cloud certification, e.g., AWS Certified SysOps Administrator – Associate, have an added advantage.)
  • Familiar with the MITRE framework.
  • Familiar with Sigma rules.
  • Familiar with MongoDB.
  • Experienced in Python Programming.
  • Excellent troubleshooting and analytical skills.
  • Attention to detail and ability to communicate well in a professional manner.
  • Previous experience with provisioning and integrating environments.
  • 3+ years of network security experience working with enterprise clients preferred.
  • Ability to interpret the complexity of technical problems.
  • Reliability to maintain focus on contracted deliverables at all times.
  • Excellent interpersonal, coordination, and problem-solving skills.
  • High level of initiative, accountability, professional diligence, attention to detail, and ability to follow processes.
  • Ability to work independently, as well as being able to work as part of a team in a pressured environment.
  • Proactive, flexible attitude, an open mind towards exposure to different job scopes in varying degrees, and willingness to constantly review and improve skills and processes.
  • Candidates with certifications (CISSP, GCIH, OSCP) would be preferred.

Work location: Ang Mo Kio
