SIEM Content Management Lead - Threat Detection (1-2 yrs)

We are looking for a highly skilled SIEM Content Management Lead to oversee the design, development, and implementation of security information and event management (SIEM) solutions.

The ideal candidate will have strong expertise in SIEM platforms, content creation, and threat detection techniques to enhance the organization's security monitoring and response capabilities.

Key Responsibilities :

SIEM Content Development :

- Design, develop, and maintain SIEM content, including detection rules, use cases, correlation rules, dashboards, and reports.

- Optimize SIEM content to minimize false positives and maximize detection accuracy.

- Develop threat detection use cases based on threat intelligence, attack scenarios, and business requirements.

Incident Response Support :

- Work closely with the Incident Response team to support investigations by providing relevant SIEM content.

- Enhance detection capabilities by analyzing security incidents and refining detection rules accordingly.

- Participate in post-incident reviews to improve SIEM use cases and response processes.

Threat Intelligence Integration :

- Integrate threat intelligence feeds and data sources into SIEM to improve detection capabilities.

- Stay updated on the latest threat trends and leverage threat intelligence to improve SIEM content.

SIEM Platform Management :

- Manage the SIEM platform, ensuring its performance, availability, and scalability.

- Work with security operations teams to troubleshoot and resolve issues related to SIEM content.

Collaboration and Stakeholder Management :

- Collaborate with various teams, including IT, SOC, and Incident Response, to understand business requirements and develop relevant SIEM content.

- Conduct regular meetings with stakeholders to review and update SIEM content based on emerging threats and organizational needs.

Continuous Improvement :

- Monitor the effectiveness of SIEM content and make continuous improvements to detection capabilities.

- Conduct regular audits of SIEM content to ensure compliance with industry standards and best practices.

Required Skills and Experience :

Experience :

- 5+ years of experience in security operations, SIEM content development, or a related field.

- Strong expertise in SIEM platforms such as Splunk, IBM QRadar, ArcSight, or Azure Sentinel.

- Experience developing and tuning SIEM content, including correlation rules, dashboards, and alerts.

Technical Skills :

- In-depth knowledge of threat detection techniques, security event analysis, and incident response processes.

- Familiarity with threat intelligence frameworks (MITRE ATT&CK, Cyber Kill Chain, etc.) and their integration with SIEM.

- Hands-on experience with scripting and automation (Python, PowerShell, etc.) for SIEM content management.

Certifications :

- Relevant certifications such as CISSP, CEH, GCIA, GMON, or vendor-specific certifications (Splunk Certified Architect, QRadar Certified Deployment Professional) are a plus.

Soft Skills :

- Excellent problem-solving skills and attention to detail.

- Strong communication and collaboration abilities, with the capability to work effectively with cross-functional teams.

- Ability to work in a fast-paced, dynamic environment and adapt to changing security requirements.

Preferred Qualifications :

- Experience with cloud-based SIEM solutions and monitoring cloud-native environments.

- Understanding of security frameworks and compliance requirements (e., NIST, ISO 27001)