SIEM USE CASE CONSULTANT - Home Based - £DOE
MITRE, ATT&CK, Use Case, Qradar, Arcsight, Sentinel, Splunk
Working for a highly funded and agile company who are disrupting the global MSSP market we are looking for multiple people to join a Use Case factory from Analyst, Consultant to Design and Architect Level. As part of that team we are looking for a SIEM Use Case Expert/Consultant that will lead customer workshop to identify use cases that are required to secure the customers environment.
You will be responsible for
- Providing consulting services on Business and Cyber risk management. Directly lead, manage and get involved in conducting customer workshops for selection and design of use cases, use case value assessments, mapping back to the enterprise business and cyber risk and the MITRE ATT &CK framework.
- Extensive background in Cyber Risk Management
- Demonstrate how to map cyber risks to specific risk actuation techniques and Use Case based mitigation methods.
- Create Use Case specification that include required log sources, detection logic, event flow architecture, event source configuration requirements, and response requirements to ensure that the impact of a technique is within acceptable limits.
- Conduct through a knowledge acquisition process and a series of workshops with customers.
- Work closely with customer service owner in carrying out risk / gap
- Work with use case analysts and advise SOC for Use Case Requests and Use Case upgrades.
- Provide training to Customer SOC analyst on the use cases and the response procedures
- Identify areas for optimizing use cases and fine tune threat detection logic
- Provide support during use case fine tuning phase after handover to SOC
Must have Skills:
- Extensive experience in Information Security.
- Understanding of event logging, and SIEM technologies.( Qradar, Splunk, Azure Sentinel, Arcsight etc)
- Thorough understanding of Risk Management principles (Risk Register, Cyber risks etc)
- Fundamental understanding of Incident Management and Security Operations.
- Demonstrated process orientation and ability to manage complex tasks.
- Minimum 10+ years of experience in customer facing roles.
- Strong communicator and fluent in English.
- Any of the following certifications are a plus: CISSP, C|EH, CISA, CISM, C|CISO, GIAC, CompTIA Security+, NCSF, CCSP, GIAC (any). Analytical skills