Job Description
SIEM/SOAR Content Developer | 12 Months (Inside IR35) | Hybrid (Glasgow)
Harvey Nash's client is recruiting for a SIEM/SOAR Content Developer on a 12-month contract.
Main Responsibilities
* You will join a team of technologists and cyber-security professionals dedicated to improving the coverage, quality and automation of cyber-security detection and response.
* Develop playbooks and automation in SOAR with analysts to improve the efficiency of the SOC.
* Develop analytics in Splunk (SPL) or Elasticsearch (EQL) to detect actionable security alerts.
* Design and develop integrations to connect to internal and external services.
* Work alongside incident response analysts to automate the response to security incidents and improve security response coverage.
* Perform analysis of security posture including recommending improvements to controls and processes.
* Automate auxiliary team processes with SOAR playbooks.
* Monitor and support SIEM and SOAR platforms to ensure security and stability of SOC infrastructure.
Key Skills
* Cyber Response Platforms is looking for an experienced (5+ years) cyber-security professional to join their team as a SIEM/SOAR Content Developer.
* Our ideal candidate has hands-on experience in computer network defence, working either in or for a Security Operations Center or Cyber Incident Response Team.
* Minimum of 3 years of experience in cyber detection engineering or incident response.
* Minimum of 1 year of experience developing automations in SOAR.
* Experience in the creation and management of detection logic in SIEMs (e.g. Splunk, ArcSight, Microsoft Sentinel).
* Intermediate experience developing scripts in Python.
* Strong knowledge of exploitation techniques (e.g. MITRE ATT&CK) and use-case development.
* Thorough TCP/IP and protocol experience (OSI L2-L7, DNS, HTTP, REST, SOAP).
* Strong communication, task management and organizational skills.
* Highly experienced with Unix/Linux command-line tools and shell scripting.
This role falls inside IR35 and is hybrid, with the expectation to attend the Glasgow office 2 to 3 days a week. Please note that for this role you must have, or be happy to obtain, a Basic Disclosure Scotland. To apply, please send your CV using the link.