Requirements

Expected technologies

Python

Our requirements

• 5+ years of experience in a Security Operations Center (SOC) or similar role with hands-on experience with SIEM tools (e.g., Sentinel, QRadar, ArcSight).
• Proficient in Python for automation and scripting.
• Strong understanding of Incident Response processes and methodologies and experience with MITRE ATT&CK framework to map and analyse threats.
• Knowledge of Endpoint Detection and Response (EDR) platforms (e.g., CrowdStrike, Carbon Black, SentinelOne). Familiarity with threat hunting techniques and processes.
• Certifications such as GSEC, CISSP, OSCP, MaD are preferred.

Your responsibilities

• Analyse security data from diverse sources, including logs, EDR solutions, and network traffic, to identify and assess threats. Coordinate and lead security incident response efforts, including containment, eradication, and recovery.
• Develop and implement automation scripts and playbooks using Python to streamline incident detection, response, and reporting processes.
• Automate security alert triage, enrichment, and remediation workflows to reduce response time and improve efficiency.
• Use the MITRE ATT&CK framework to classify attack vectors, understand adversary behaviour, and enhance detection capabilities.
• Map security incidents and alerts to the MITRE ATT&CK tactics, techniques, and procedures (TTPs) for comprehensive analysis. Manage and configure EDR platforms for real-time endpoint monitoring and protection.