Cyber Security Specialist - SIEM (5-6 yrs)
Innova Esi
posted 2d ago
Responsibilities:
- Develop and maintain cyber threat detection and hunting capabilities for NAB Group.
- Actively research, innovate and uplift in the areas of threat detection and hunting.
- Develop and maintain attack and use-case models against the NAB Group environment and systems to drive detection and monitoring use cases.
- Build and maintain continuous validation and assurance of the detection and hunting pipeline.
- Maximise detection visibility, coverage, and return-on-investment to maintain a defensible architecture across the business.
- Develop threat/attack models to depict and model detection of known attack vectors.
- Work with Threat Intelligence, Incident Response and Cyber Orchestration teams to prioritise and develop detection and orchestration capability.
- Work with the Red Team to actively test and validate detection capabilities.
- Contribute to the team's performance, including but not limited to:
  - Improve time to detect.
  - Reduce time to respond (through detection uplift as well as automation).
  - Increase the detection fidelity ratio and reduce false positives.
  - Increase detection coverage.
  - Maintain detection currency.
  - Increase the overall maturity of the team (primarily the NIST "DETECT" pillar).
Your skills & experience:
- 5+ years of experience in a CSOC, Cyber detection, Threat Hunting and/or SOAR development role.
- 5+ years developing detections within a SIEM environment (such as Splunk ES).
- 2+ years' experience working with Splunk or MS Defender Advanced Hunting.
- Experience working with security tools such as endpoint detection and response systems, network anomaly detection etc.
- Experience working with one or more cloud environments (AWS, Azure, GCP, etc) and awareness of threats impacting them.
- Demonstrated willingness to engage in self-learning or cyber security research outside of standard business hours.
- Designing and implementing threat/attack modelling to derive abuse cases, detection logic and automation course of actions.
- Ability to think like an adversary/threat actor.
- Well versed in developing detection and hunting strategies for a broad range of cyber threats, including malware, DDoS, hacking, phishing, lateral movement and data exfiltration, in the Financial Services sector or similar.
- Working in large/complex environments.
- Good consulting and stakeholder management.
- Pro-active & energetic work ethic.
- Participation or experience in penetration testing / red teaming exercises, including network, infrastructure and application exploitation would be a plus.
Knowledge of the following frameworks is required:
- NIST Cybersecurity framework.
- MITRE ATT&CK.
- Lockheed Martin Cyber Kill Chain or similar methodologies.
Functional Areas: Other