SIEM Content Development Specialist

at Vodafone

Brentford, England, United Kingdom

Start Date: Immediate
Expiry Date: 23 Nov, 2024
Salary: Not Specified
Posted On: 28 Aug, 2024
Experience: 1 year(s) or above
Skills: GCIH, GCIA, ECSA
Telecommute: No
Sponsor Visa: No

Description:

MUST HAVE TECHNICAL / PROFESSIONAL QUALIFICATIONS:

  • Bachelor’s degree or higher in Cyber Security/Information Technology or related field
  • One or more cyber security certifications such as GCIA, GCIH, GCFA, GNFA, CEH, ECSA preferred

Responsibilities:

  • Content Development – take part in and drive continual creation and refinement of rules and logic within the Vodafone SIEM/EDR/ELK infrastructure to improve Cyber Security Operations efficiency and effectiveness. This would include responsibilities such as the following:
    o Develop SIEM/EDR/ELK content to address attack vectors using current industry best practices
    o Analyse threats/adversaries/attack tools to develop indicator/behavioural based detections that alert and/or prevent malicious activity
    o Evaluate and make use of multiple data sources to build content across multiple SIEM/EDR/ELK platforms
    o Utilise SIEM/EDR/ELK to facilitate metrics collection, analysis and reporting
    o Create and maintain analytics documentation
    o Effectively collaborate with colleagues and counterparts internally and externally

  • Security Analysis – take part in and may drive security event analysis activities to address current Cyber threats
  • Threat Response – may require engaging in, and possibly driving, analysis from a blue team perspective to identify possible threat group activity
  • Security Reporting and Advisories – take part in and may drive the delivery of cyber security reports and advisories to all key stakeholders
  • Residual Risk Assessment – take part in and may drive the delivery of ‘operational and technical’ lessons learnt from post-incident analysis and reporting


REQUIREMENT SUMMARY

Min: 1.0, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Cyber security/information technology or related field

Proficient

1

Brentford, United Kingdom