SIEM/SOAR Developer

SIEM / SOAR Developer - Cyber Security Platform Developer

A great opportunity to be working with one of the world's leading financial institutions, supporting their cyber response platforms.

Primary Responsibilities

The Cyber Response Platform team is looking for an experienced cyber-security professional to join their team as a SIEM/SOAR content developer. The ideal candidate has hands-on experience in computer network defence working either in or for a Security Operations Center or Cyber Incident Response Team.

You will join a team of technologists and cyber-security professionals that are dedicated to improving the coverage, quality and automation of cyber-security detection and response.

• Develop playbooks and automation in SOAR with analysts to improve efficiency of the SOC.
• Develop analytics in Splunk (SPL) or Elastic Search (EQL) to detect actionable security alerts.
• Design and develop integrations to connect to internal and external services.
• Work alongside incident response analysts to automate the response to security incidents and improve security response coverage.
• Perform analysis of security posture including recommending improvements to controls and processes.
• Automate auxiliary team processes with SOAR playbooks.
• Monitor and support SIEM and SOAR platforms to ensure security and stability of SOC infrastructure.

Skills required (essential)

• Minimum of 3 years of experience in cyber detection engineering or incident response
• Minimum of 1 year of experience developing automations in SOAR
• Experience in the creation and management of detection logic in SIEMs (e.g Splunk, ArcSight, Microsoft Sentinel)
• Intermediate experience developing scripts in Python
• Strong knowledge of exploitation techniques (e.g. MITRE ATT&CK) and use-case development
• Thorough TCP/IP and protocol experience (OSI L2-L7, DNS, HTTP, REST, SOAP)
• Strong communication, task management and organizational skills
• Highly experienced with Unix/Linux command-line tools and shell scripting

Skills desired

• Experience within the application of Indicators of Compromise (e.g. YARA rules, STIX and TAXII)
• Strong hands-on experience with a query language (e.g Splunk’s SPL or Elastic’s EQL, SQL)
• Experience with streaming data frameworks (e.g. Kafka, NiFi, Spark)
• Experience with CI/CD technology (e.g Jenkins, GitLab CI, GitHub Actions)
• Experience in the administration of systems (e.g. servers, desktops) or security controls (AV, Endpoint, IDS)
• Experience deploying to, and leveraging cloud environments (e.g. AWS, Azure, Google)