. Role title: SIEM Content Development Specialist Location: Newbury What you'll do Content Development - take part in and drive continual creation and refinement of rules and logic within the Vodafone SIEM/EDR/ELK infrastructure to improve Cyber Security Operations efficiency and effectiveness. This would include responsibilities such as the following: o Develop SIEM/EDR/ELK content to address attack vectors using current industry best practices o Analyse threats/adversaries/attack tools to develop indicator/behavioural based detections that alert and/or prevent malicious activity o Evaluate and make use of multiple data sources to build content across multiple SIEM/EDR/ELK platforms o Utilise SIEM/EDR/ELK to facilitate metrics collection, analysis and reporting o Create and maintain analytics documentation o Effectively collaborate with colleagues and counterparts internally and externally Security Analysis - take part in and may drive security event analysis activities to address current Cyber threats Threat Response - may require engagement and possibly driving the analysis from blue team perspective to identify possible threat group activity Security Reporting and Advisories - take part in and may drive the delivery of cyber security reports and advisories to all key stakeholders Residual Risk Assessment - take part in and may drive the delivery of 'operational and technical' lessons learnt post incident analysis and reporting Who you are Minimum of 1-3 years' experience in SIEM content (rule logic and code) development role Minimum of 1 years of SOC analyst experience (Level2 or above) required 5 years IT experience In depth and extensive hands-on experience in security event analysis, create and refine SIEM/EDR rules and deliver efficiency within the SIEM and all other technologies used within the team Deep knowledge of IPv4/IPv6, TCP networking protocols Deep knowledge of Windows/Linux operating systems Good working knowledge of security technologies such as SIEM (ArcSight, Sentinel, QRadar, LogRhythm, Splunk), EDR (Microsoft Defender, FireEye, Tanium), IDS/IPS, firewalls, proxies, web application firewalls, anti-virus, etc. Understanding of Window Security Event logs and Syslog Excellent familiarity with endpoint/perimeter security attack vectors and detection (blue/purple teaming) Familiarity with standard security frameworks such as MITRE, cyber kill chain and APT campaign strategies Good knowledge of cloud platforms such as Azure, O365, Google cloud, AWS, Oracle Good working knowledge of regular expression development Scripting and programming experience is highly desirable Kusto or SQL knowledge, including rule/query optimisation Proven ability to prioritise workload, meet deadlines and utilise time effectively Good interpersonal and communication skills, works effectively as a team player and the ability to communicate technical information to a non-technical audience Must have technical / professional qualifications: Bachelor's degree or higher in Cyber Security/Information Technology or related field One or more cyber security certifications such as GCIA, GCIH, GCFA, GNFA, CEH, ECSA preferred What's in it for you Discretionary yearly bonus: 10% Annual leave: 28 days bank holidays the opportunity to buy/sell/carry over 5 days/year Charity days: 5 days/year Maternity leave: 52 weeks out of which 39 weeks are fully paid 13 weeks half pay and 6 months - working 4 days, getting paid 5 Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%. Access to: private medical, private dental, free health assessments, share save scheme Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan Together We Can: Li-Hybrid ",