Good Job Creations
What You’ll Do
Design and fine-tune high-fidelity detection rules across SIEMs (Splunk, Sentinel, Devo, QRadar) and EDR platforms.
Build custom use cases based on MITRE ATT&CK and red team insights.
Eliminate false positives, improve alert accuracy, and continuously optimize detection logic.
Collaborate with red/purple teams to validate and evolve detection strategies.
Threat Hunting & Intelligence
Proactively hunt for threats across hybrid environments using telemetry from SIEM, EDR, and NDR tools.
Leverage threat intelligence and frameworks (MITRE, Diamond Model) to build and execute targeted hunting campaigns.
Analyze and operationalize threat intel to inform detection rules and incident response.
Incident Response
Lead end-to-end investigations—from triage to recovery—during security incidents.
Conduct forensic analysis and produce detailed reports with root cause and mitigation plans.
Develop playbooks, runbooks, and coordinate across teams and clients during major events.
Collaboration & Leadership
Mentor junior analysts and contribute to process automation and SOP development.
Engage with customers through regular reviews, briefings, and incident updates.
Drive continuous improvement through lessons learned, threat trends, and feedback loops.
Requirements
8–10+ years in SOC/MSSP environments with deep SIEM (Splunk, QRadar, Sentinel, Devo) and EDR (CrowdStrike, Defender) expertise.
Hands-on experience with SOAR platforms, malware analysis, scripting (shell, Python), and basic Unix/Linux troubleshooting.Strong grasp of threat detection, cyber TTPs, and frameworks like MITRE ATT&CK.
Excellent communication skills and the ability to lead cross-functional collaboration.
SANS certification (e.g., GCIH) strongly preferred.
Bonus Points For
Experience with threat hunting, vulnerability assessments, or DFIR.
Familiarity with cloud platforms (AWS, Azure, GCP) and network security tools.
Exposure to threat intel platforms like MISP.
#J-18808-Ljbffr
Design and fine-tune high-fidelity detection rules across SIEMs (Splunk, Sentinel, Devo, QRadar) and EDR platforms.
Build custom use cases based on MITRE ATT&CK and red team insights.
Eliminate false positives, improve alert accuracy, and continuously optimize detection logic.
Collaborate with red/purple teams to validate and evolve detection strategies.
Threat Hunting & Intelligence
Proactively hunt for threats across hybrid environments using telemetry from SIEM, EDR, and NDR tools.
Leverage threat intelligence and frameworks (MITRE, Diamond Model) to build and execute targeted hunting campaigns.
Analyze and operationalize threat intel to inform detection rules and incident response.
Incident Response
Lead end-to-end investigations—from triage to recovery—during security incidents.
Conduct forensic analysis and produce detailed reports with root cause and mitigation plans.
Develop playbooks, runbooks, and coordinate across teams and clients during major events.
Collaboration & Leadership
Mentor junior analysts and contribute to process automation and SOP development.
Engage with customers through regular reviews, briefings, and incident updates.
Drive continuous improvement through lessons learned, threat trends, and feedback loops.
Requirements
8–10+ years in SOC/MSSP environments with deep SIEM (Splunk, QRadar, Sentinel, Devo) and EDR (CrowdStrike, Defender) expertise.
Hands-on experience with SOAR platforms, malware analysis, scripting (shell, Python), and basic Unix/Linux troubleshooting.Strong grasp of threat detection, cyber TTPs, and frameworks like MITRE ATT&CK.
Excellent communication skills and the ability to lead cross-functional collaboration.
SANS certification (e.g., GCIH) strongly preferred.
Bonus Points For
Experience with threat hunting, vulnerability assessments, or DFIR.
Familiarity with cloud platforms (AWS, Azure, GCP) and network security tools.
Exposure to threat intel platforms like MISP.
#J-18808-Ljbffr