Apply for SOC Content Developer Job

6+ Years Relevant Experience

• Use Case Development: Knowledge of organizational risks and threats to design relevant and effective detection rules.
• Log Sources: Understanding log formats, sources, and parsing for accurate data utilization in use cases.
• SIEM and Analytics Tools: Familiarity with platforms like Securonix, Sentinel, or Splunk to implement and monitor use cases.
• Alert Logic: Ability to define thresholds, logic, and conditions to reduce false positives and improve detection accuracy.
• Incident Response Needs: Awareness of incident response workflows to align use cases with actionable intelligence.
• Performance Metrics: Skills to create and optimize KPI/KRI reports to track detection and response performance.
• Fine-Tuning Methodology: Experience in analyzing alert data to refine use cases and adjust logic periodically.
• Detect and respond to company-wide security incidents, coordinating cross-functional teams to mitigate and eradicate threats.
• Incident response lead for high impact cybersecurity incidents.
• Triage events, escalations and incidents to determine remediation and resolution actions.
• Coordinate appropriate response activities across teams or directly with stakeholders to rapidly remediate potential threats.
• Develop playbooks to improve processes and information sharing across teams.
• Initiative and project-related support to provide Security Operations and Incident Response perspective and subject matter expertise.
• Contribute technical and process improvements within the team.
• Participate in current operations, on call rotation. Which includes some after-hours responsibilities and escalations.

Primary Skill

• Experience in Cyber Threat incident response, vulnerability research, malware analysis and exploit investigation.
• Demonstrated experience in computer security related disciplines, including but not limited to the following subject areas: software vulnerabilities and exploitation, host forensics, malware analysis, network traffic analysis, Insider Threat and web-focused security topics.
• Knowledgeable about modern security related subjects and trends, for example, Advanced Persistent Threat (APT), Spear Phishing, and credential compromise techniques.
• Proven ability to drive large scale, high visibility projects with high collaboration and leadership.
• Excellent judgment, decision-making skills, and the ability to work under pressure.
• Excellent written and oral communication skills.
• Excellent presentation skills and experience of presenting to senior management.
• Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.
• Develop and improve the existing EDR Specific use cases for enhanced detection.
• Analyze the TTP's of the emerging threats and coordinate with the EDR team to develop use cases for EDR.
• Closely coordinate and provide continuous support for CSIRT team in an event of a P1/P2 Security Incidents.
• Conduct a Security Incident tabletop simulation internally with in SOC to gauge the process and track improvements.
• Handle BEC emails targeted against VIP users within the Organization.

Secondary Skills

• EC-Council’s Certified Incident Handler (E|CIH).
• Experience with Cloud Computing and technology.
• Experience with Unix/Linux, or work relating to OS internals or file level forensics.
• CISSP or related GIAC certifications.
• Good to have certifications: Network Security certification, security plus, CISA, CISSP.