Information Security Developer / Engineer
Primary Responsibilities
Author and maintain a set of correlation and threat hunting rules that produce alerts/incidents for SOC review.
Create automations from static threat intelligence and dynamic machine learning capabilities to monitor the performance of the ruleset (false positives/false negatives).
Advise on how the performance of these rules might be improved through additional enrichment data sources, analysis techniques, or other tuning practices. Minimal proofs of concept may also be required, depending on the level of engineering effort needed to enact the advice provided.
Integrate rules and their corresponding incidents with a proprietary severity scoring model for SOC prioritisation.
Plan, test, and codify remediation guidance for the threat or threats detected by each rule. This should always include human-readable steps for manual remediation, but may also include scripted or otherwise automated remediation steps.
Create full lifecycle integration tests for rules and remediation steps.
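The responsibilities above describe one pipeline: a correlation rule that turns raw events into incidents, enrichment from a static threat-intelligence feed, a severity score attached to each incident, codified remediation steps, and an integration test that exercises the rule end to end while measuring false positives and false negatives. The Python 3 program below (one of the ecosystems listed under Desired Skills) is an added illustration of that pipeline; it is not code from this posting or from the hiring organisation. The rule itself (N failed logins then a success from one source IP inside a time window), the scoring weights, the known-bad IP list, the remediation text and the sample events are all constructed for the example, and the scoring function is a stand-in for the proprietary model the posting mentions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed data: addresses come from RFC 5737 documentation ranges, and the
# "known bad" set stands in for a static threat-intelligence feed (IOC list).
KNOWN_BAD_IPS = {"203.0.113.7"}
PRIVILEGED_USERS = {"root", "administrator"}

RULE_ID = "AUTH-001"  # hypothetical rule identifier
REMEDIATION = [       # human-readable manual steps shipped with every incident
    "1. Confirm the successful login is not expected for this user/source pair.",
    "2. Lock the account and revoke the user's active sessions and tokens.",
    "3. Block the source IP at the perimeter and search other logs for it.",
    "4. Reset the credentials and re-enable the account with MFA enforced.",
]


@dataclass
class Event:
    ts: datetime
    src_ip: str
    user: str
    outcome: str  # "failure" or "success"


@dataclass
class Incident:
    rule_id: str
    src_ip: str
    user: str
    failures: int
    severity: int
    remediation: list


def severity_score(failures: int, src_ip: str, user: str) -> int:
    """Hypothetical 0-100 scoring model (stand-in for the proprietary one)."""
    score = 50
    score += min(20, 2 * failures)     # more failures, more confidence
    if src_ip in KNOWN_BAD_IPS:        # static threat-intel enrichment
        score += 30
    if user in PRIVILEGED_USERS:       # asset/identity context
        score += 10
    return min(score, 100)


def rule_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Fire when one source IP records >= threshold failures inside `window`
    and then a success. Emits one incident per qualifying success."""
    recent_failures = defaultdict(deque)  # src_ip -> failure timestamps in window
    incidents = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent_failures[ev.src_ip]
        while q and ev.ts - q[0] > window:  # expire failures outside the window
            q.popleft()
        if ev.outcome == "failure":
            q.append(ev.ts)
        elif ev.outcome == "success" and len(q) >= threshold:
            incidents.append(Incident(RULE_ID, ev.src_ip, ev.user, len(q),
                                      severity_score(len(q), ev.src_ip, ev.user),
                                      REMEDIATION))
            q.clear()  # do not re-alert on the same burst
    return incidents


def evaluate(incidents, labels):
    """Rule performance against labelled sources (labels: src_ip -> True if
    malicious). Returns TP/FP/FN counts plus precision and recall."""
    predicted = {i.src_ip for i in incidents}
    actual = {ip for ip, bad in labels.items() if bad}
    tp, fp, fn = len(predicted & actual), len(predicted - actual), len(actual - predicted)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": precision, "recall": recall}


def sample_events():
    """Constructed authentication log covering a true positive, a false
    negative (known-bad IP under the threshold), a false positive (a user
    mistyping a new password) and a slow attempt outside the window."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    evs = [Event(t0 + timedelta(seconds=30 * i), "198.51.100.23", "administrator", "failure")
           for i in range(6)]
    evs.append(Event(t0 + timedelta(minutes=3), "198.51.100.23", "administrator", "success"))
    evs += [Event(t0, "203.0.113.7", "alice", "failure"),
            Event(t0 + timedelta(minutes=1), "203.0.113.7", "alice", "failure"),
            Event(t0 + timedelta(minutes=2), "203.0.113.7", "alice", "success")]
    evs += [Event(t0 + timedelta(seconds=20 * i), "192.0.2.44", "bob", "failure") for i in range(5)]
    evs.append(Event(t0 + timedelta(minutes=2), "192.0.2.44", "bob", "success"))
    evs += [Event(t0 + timedelta(minutes=10 * i), "192.0.2.10", "carol", "failure") for i in range(5)]
    evs.append(Event(t0 + timedelta(minutes=41), "192.0.2.10", "carol", "success"))
    return evs


LABELS = {"198.51.100.23": True, "203.0.113.7": True, "192.0.2.44": False, "192.0.2.10": False}


def run_integration_test():
    """Full-lifecycle check: events -> rule -> scored incidents -> FP/FN metrics."""
    incidents = rule_bruteforce_then_success(sample_events())
    return incidents, evaluate(incidents, LABELS)


if __name__ == "__main__":
    found, metrics = run_integration_test()
    for inc in found:
        print(f"{inc.rule_id} {inc.src_ip} user={inc.user} failures={inc.failures} severity={inc.severity}")
    print(metrics)
```

Running it produces two incidents (the attacker against `administrator` and the benign `bob` burst) and misses the known-bad address, so the metrics report one true positive, one false positive and one false negative. That is the point of keeping the labelled sample set beside the rule: a tuning change such as exempting sources inside the corporate range, or lowering the threshold when the source is already on the IOC list, can be judged by its effect on precision and recall rather than by intuition.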
Desired Skills
Experience with modern security tools, techniques, and procedures, specifically:
o Threat intelligence exchanges, their contents, and integration techniques, such as IOCs, YARA rules, STIX/TAXII, etc.
o SIEM and SOAR platforms
o Endpoint automation tools such as Consul, Ansible, Chef, etc.
Familiarity with major cloud providers, such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform.
Familiarity with virtualisation and containerisation technologies such as Intel VT-x and LXC/Docker.
Experience in a software development lifecycle, specifically one based on Agile (Scrum or Kanban).
Experience writing and managing sustainable software solutions in one or more of these ecosystems:
o Python 3
o Go
o .NET Framework (C#/F#)
Familiarity with log aggregation or data lake platforms.
Familiarity with streaming analytics tools such as Spark or Flume.
Familiarity with big data modelling and querying techniques such as map/reduce.
Hi there!
May peace be upon you!
I am a Certified Ethical Hacker and PenTester, with 7+ years of experience conducting penetration testing for government and private companies around the world.
I would like to work with you to detect the security weaknesses in your system/server/website before the hackers do.
Right now I am placing a placeholder bid; we will decide the price and time after discussion.
Please start the chat so we can have a detailed discussion.
Thanks.
Hi there! Thank you for your posting!
I have looked through your posting and fully understood your requirements.
I have rich experience with SIEM solutions such as OSSIM, OSSEC, Snort, Nagios, OpenVAS and ELK-stack-based log monitoring solutions for root cause analysis and diagnostic systems.
I have deep knowledge of information security strategy and principles. I am familiar with OSSIM engine rules and several patterns, and I am very experienced with several agents written in several programming languages.
I agree with your opinion that both automation scenarios and manual issue-covering solutions must be prepared.
I think that to make rules, we need professional theory and experience.
Please contact me; I hope you will share the details.
Looking forward to your positive response.
Best Regards
Vasilatos
Hi,
I am Nick. I am a software engineer with five years of experience in cloud development.
While browsing, I happened to read your post and got interested. Through several years of experience, I have gained a solid understanding of ISO 27001 & 27002 and NIST cloud security. I have worked on a cloud security management platform based on OSSIM, have worked with NIDS based on Snort, HIDS based on OSSEC, and vulnerability & asset management with tools like Nmap and OpenVAS. I am quite familiar with log aggregation with ELK as well.
I think I can help you with this project.
Love to discuss more details.
Regards,
Nick
Hello, I have experience in security and also DevOps skills such as programming (Ruby/Python/shell, etc.) and configuration management.
I am familiar with cloud providers and on-premise server technologies, and with virtualisation such as LXC, VMware and OpenStack.
Regarding checks: Chef's InSpec.
Kind regards, Maciej
Hi,
I'm an expert SOC analyst working in a real job environment. I'm experienced with Fortinet firewalls, F5 firewalls, Carbon Black, LogRhythm SIEM, FireEye endpoint, Trend Micro solutions and sandboxing.
Kindly check my profile.
Thanks!