Our client, a prominent system integrator in Qatar, is at the forefront of providing crucial Detection and Response services. These services play a pivotal role in bolstering the security of customers at the national level, with a focus on Critical Sector Organizations that support the Critical National Infrastructure.
We are actively looking for exceptional individuals with the drive and passion to join our client's team. In this dynamic environment, you will contribute to the ongoing effort to respond to threats more effectively and efficiently, including creating, tuning, and testing detections for various security tools and platforms.
• Understand prevailing threats and how to mitigate them with EDR and SIEM.
• Experience writing detections for EDR and SIEM.
• Experience writing regex.
• Familiarity with the MITRE ATT&CK framework and the Cyber Kill Chain.
• Understand security principles and practices.
• Proven capability to learn and deliver to a high standard within deadlines.
• Strong organizational skills and an ability to prioritize tasks from multiple stakeholders.
• Ability to relay complex technical subject matter to non-technical stakeholders.
• Demonstrable analytical and technical aptitude with a focus on identifying and alleviating the root cause of a problem.
• Proven ability to thrive and respond to frequent demands of multiple constituents, both internal and external, in a high-demand, customer-centric environment.
• Relevant bachelor’s degree.
• Additionally, one or more relevant industry certifications.
• Experience working as part of an MSSP or MDR provider.
• Familiarity and experience with multiple SIEM and EDR solutions and detector formats.
• Experience with Elastic SIEM, Elastic Security Agent and ElastAlert detectors.
• GCDA Certification or equivalent.
Roles and Responsibilities:
• Develop, test and tune both detections and parsers for various tools and technologies.
• Develop detectors in Sigma and maintain a library in a version control system.
• Maintain awareness of the current threat landscape, including adversary tactics, techniques,
• Engage colleagues to validate detections, identify gaps in coverage, and test detection capabilities by simulating attacks in a lab environment.
• Perform continuous improvement and validation to ensure accuracy, efficiency and comprehensive coverage based on industry standards (MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain).
• Handle requests for new detectors, determine the security value of those requests and clearly explain your decision to stakeholders.
• Provide subject matter expertise for event logging and event detection, and recommend configurations to customers.
• Work with colleagues and customers to reduce false positives and improve the computational efficiency of rules and use cases.
• Understand and master data sources across a variety of categories including Windows, Linux, Active Directory, Privileged Access Management, Intrusion Detection/Prevention, Firewalls, Anti-Virus, Endpoint Detection & Response, Cloud Access Security Broking, Network Access Control, Application Control and Productivity Apps.
• Collaborate with key stakeholders across the SOC, Threat Intelligence, Offensive Security, Engineering, Project, Product and Sales teams.
• Enable process automation through the development of high-confidence detections.
• Document designs and processes and maintain a use case library with version control.
• Develop resources such as dashboards, heat maps and other representations to demonstrate detection coverage and gaps.
• Assist with designing and documenting work processes for detector development, testing, deployment, and management.
• Support threat hunting practices, identify data sources to surface attacks and incorporate findings into security controls.
• Responsible for mentoring and training Junior Analysts and Engineers.
• Perform other duties as assigned.
• Competitive tax-free salary.
• Visa and sponsorship.
• 20 days paid annual leave.