Threat Detection Engineer - Cyber Security (5-9 yrs)

Key Responsibilities :

- Conduct threat detection, incident handling and hunting activities by leveraging security best practices and current detection/response platforms.

- Classify and prioritize threats through use of cyber threat intelligence, intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed.

- Develop use cases and create threat detection logic, rules, and alerting in SIEM for response by the Security Operations team.

- Work with leadership and stakeholders to recommend/implement processes, procedures, and technologies to improve the detection efforts.

- Operationalize Indicator of Compromise from intelligence feeds by developing, testing, and creating new alerting in the SIEM.

- Support the 24/7 Security Operations and Incident Response teams.

Required Skills :

- Expertise with content development and alert tuning.

- In-depth familiarity with Mitre Attack Framework and ability to identify gaps in TA TTP detections and defenses.

- Demonstrated in-depth experience working with key cyber security tools such as SIEM (Splunk, Sentinel and their associated query languages), Tanium, and Defender ATP.

- Demonstrated in-depth experience with a variety of cyber security tools such as Symantec End Point, TrendMicro Antivirus, McAfee Web Gateway, Checkpoint Firewalls, Bluecoat, Sourcefire,

- Demonstrated in-depth experience identifying and assessing Active Directory threats and building appropriate detections, or similar expertise with -nix environments.

- Expert knowledge of network monitoring and network exploitation techniques

- Ability to demonstrate analytical expertise, close attention to details, excellent critical thinking and learn and adapt quickly.

- Ability to learn and operate in a dynamic environment.

- Strong written communication skills.

Soft Skills :

- Strong verbal and writing skills.

- Able to demonstrate ability to write clear and concise text using good English and correct grammar.

- Excellent analytical abilities and a strong ability to think critically when looking at risk

- Self-driven who can take initiative to get things done on their own without waiting to be told.

Good to have :

- Security certification (either of GCFA, GREM or OSCP/OSCE etc.)

- Able to think critically to pass those exams and/or need prior security experience.

- Strong analytical skills.

- Sound understanding of network infrastructure and communication protocols.

Qualification :

- BE/BTech or MTech/MS in Engineering, Computer Science, Information Security, or Information Systems.

- Certifications such as GCFA, GREM or OSCP/OSCE

Certification :

Any Certificates mentioned below :

- Certifications such as GCFA, GREM or OSCP/OSCE