Threat Analyst role with experience using Splunk, preferably experience with building correlation searches within Splunk Enterprise Security
Responsibilities:
Investigate and review computer intrusions focusing on initial infection vector determination, identification of new indicators of compromise (IOCs), and tactics, techniques, and procedures (TTPs) in support of threat detection and prevention development.
Research, build, and maintain detection capabilities for the latest threats across SIEM correlations and security tool signatures.
Contribute to and lead efforts to improve the SOC\'s effectiveness, advancing technical capabilities at pace with the latest threats.
Support and integrate with incident response, threat intelligence, and overall security strategy as needed.
Generate high quality documentation of research and analysis results, including processes and findings clearly and concisely to both technical and non-technical audiences
Requirements:
At least 5 years of experience performing hands-on log analysis and host/network forensic analysis in support of incident response OR applicable training/certification
At least 4 years of experience developing threat detection content in support of incident response.
At least 2 years of experience with Splunk and Splunk Enterprise Security.
Strong understanding of TCP/UDP traffic, SIEM and log analysis technologies.
Strong understanding of Windows and Linux operating systems, as well as command line tools.
Strong understanding of Cloud architecture and security monitoring of cloud environments
Strong interest in Endpoint Detect Response (EDR) technologies.
Basic experience with programming languages such as Python and PowerShell.
Exposure to malware analysis (static and dynamic).
Ability to manage multiple activities and events simultaneously, with a strong ability to prioritize multiple tasks and respond to high priority events, organizing and scheduling work effectively.
Operate effectively as part of a geographically dispersed team
If you are interested in this position, please click "Apply Now" and we will review your qualifications & reach out to you for further discussion & next steps.
Only shortlisted candidates will be responded to, therefore if you do not receive a response within 14 days please accept this as notification that you have not been shortlisted.
EA Licence No: 11C5502 Registration No: R1876903
eFinancialCareers
Beware of fraud agents! do not pay money to get a job
MNCJobz.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.