Tecplix Technologies

3 weeks ago


Bangalore, Karnataka, India | TECPLIX TECHNOLOGIES PRIVATE LIMITED | Full time

Engineer main duties and responsibilities:


- Develop and implement content for SIEM platforms, including Google Chronicle, Sumologic, and Splunk.


- Configure and fine-tune use cases, correlation, grouping, and logical rules in SIEM tools.


- Integrate new log sources and assets with the SIEM, along with additional threat intelligence feeds.


- Draft, test, and deploy YARA and Chronicle Backstory rules.


- Implement integration of endpoints with SOAR solutions, notably Siemplify, Cortex XSOAR, and Sumologic SOAR.


- Design and enhance SOAR playbooks, including specialized ones for Palo Alto.


- Curate and update Incident Response Guides.


- Customize SIGMA rules and maintain familiarity with the MITRE ATT&CK Framework.


- Develop threat detection content for various datasets such as Proxy, VPN, Firewall, and DLP.


- Automate workflows using orchestration platforms like Demisto (Cortex XSOAR).


- Aid in process development/improvement for Security Operations.


- Recognize and propose new security controls to bridge existing gaps.


- Chronicle Backstory / ELK Stack / YARA / CrowdStrike rules experience is a plus.

Candidates will have as much of the following as possible:


- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent work experience).


- After-hours availability is required.


- Proficiency in Python programming is required; familiarity with other scripting languages is a plus.


- Minimum of 3 years in Content Engineering and Development with hands-on experience in SIEM tools like Google Chronicle, Sumologic, Splunk, and QRadar.


- Comprehensive understanding of the MITRE ATT&CK Framework.


- Proven experience in SOC Incident analysis, covering security technologies such as Firewalls, VPNs, Intrusion detection tools, and EDR tools.


- Strong foundation in networking concepts.


- Proficiency in interpreting and manipulating data within enterprise tools (e.g., SIEM, ITSM).


- Skilled in crafting security analytics queries for platforms like ELK and Splunk.


- Familiarity with EDR tools like CrowdStrike and understanding of TTPs, including Process Injection.


- Outstanding communication, problem-solving, and investigative skills.


Bonus:


- Experience with Chronicle Backstory, ELK Stack, YARA, and CrowdStrike rules.


- Relevant certifications such as Certified Information Systems Security Professional (CISSP) or CompTIA Security+ are advantageous.


- Knowledge of container technologies such as ECS, EKS, Fargate, and Docker.

(ref:hirist.tech)