Part of the duties include:
Assisting with the development of SIEM use cases to support detection and incident response capabilities, and facilitating the deployment of additional monitoring tools (e.g. Microsoft Sysmon). Additionally, automating security incident response workflows and developing playbooks and procedures to assist analysts in responding to incidents.
Must haves are:
- Demonstrated experience (3+ years) with LogRhythm or other SIEM technologies, including log onboarding and maintenance.
- Demonstrated experience (3+ years) performing cyber security incident response activities and developing playbooks/SOPs or similar documentation.
- Experience with AWS & Azure logging mechanisms and integration with SIEM technologies.
- Experience with Microsoft technology stack – Defender ATP, Azure ATP, MCAS, or equivalent technologies.
- Experience with syslog-ng and/or syslog-ng Store Box products.
- Experience with regular expressions (Regex), scripting (PowerShell, Bash, Python) and other security tools as relevant in a defensive security context.
To register interest in this role, send your CV (in Word format) via the link below.
YOUR APPLICATION WILL BE TREATED WITH THE STRICTEST CONFIDENCE.
As an additional service, we have a partner who checks resumes for grammar, layout and spelling, which you may wish to review: https://www.cvfixit.com.au/