Cedent

Cyber Detection & Automation Engineer (WA)

Cedent, Pasco, Washington, us, 99302


Job description:

• Design, implement and automate high-fidelity detection rules using SIEM, EDR, and other telemetry sources (e.g. Sentinel, Defender, AWS, etc.) to improve efficiency and accuracy.
• Monitor and tune alerts to reduce false positives and improve the signal-to-noise ratio.
• Regularly test and validate detection content to ensure its effectiveness and accuracy.
• Create documentation and knowledge transfer materials for detections and engineering processes.
• Perform gap analysis and continuously improve detection coverage, accuracy, and resilience.
• Design and develop security automation workflows using SOAR (Security Orchestration, Automation, and Response), primarily Microsoft Sentinel/Logic Apps.
• Build and maintain custom integrations with SIEM, EDR, threat intel feeds, ticketing systems, and other SOC tools.
• Automate repetitive SOC tasks such as alert triage, enrichment, IOC lookups, and ticket creation.
• Develop dashboards or utilities to improve visibility and operational insight into SOC metrics.
• Collaborate with security operations center analysts and threat intelligence to stay ahead of evolving adversary tactics (MITRE ATT&CK-based).
• Create and update relevant runbooks, playbooks and other necessary documentation around detection rules and attacker TTPs.
• Prepare and present detailed reports on detection/automation activities, findings, and improvements to senior management.

Qualifications:

• Bachelor's degree in cybersecurity, computer science, information technology, or a related field.
• 5+ years in cybersecurity, with 3+ years specifically in detection and automation engineering.
• Proficiency in writing detection logic using KQL, SPL or other relevant query languages.
• Experience with query languages such as KQL and SPL, and with scripting languages (Bash, PowerShell, Python, JavaScript).
• Proficient in developing automations using SOAR platforms, specifically Microsoft Sentinel/Logic Apps.
• Understanding of SOC operations, incident response workflows, and threat detection techniques.
• Experience with RESTful APIs and integration of third-party tools.
• Experience building advanced analytics (ML) and developing AI agents/tools.
• Experience in a cloud-first or hybrid cloud environment (preferably AWS and Azure).
• Strong, practical knowledge of the MITRE ATT&CK framework, and how to map adversary behaviors to telemetry for detection design.
• Deep understanding of attacker TTPs, threat modeling, and detection methodologies.
• Familiarity with version control (Git), CI/CD pipelines, and infrastructure-as-code concepts.
• Experience using security orchestration, automation, and response tools.
• Strong analytical skills to analyze large volumes of data and identify potential threats and patterns.
• The ability to communicate effectively, both verbally and in writing, with audiences of different technical skill levels.
• Relevant certifications such as:

o Microsoft SC-200, Azure Security Engineer Associate

o AWS Certified Security - Specialty

o GIAC (GCIA, GCTI, GDAT), CISSP, or CISM

Department: Preferred Vendors

This is a contract position.