with SIEM or EDR platforms (e.g., Microsoft Sentinel, Splunk, Defender, CrowdStrike, Elastic). Expertise in building and tuning detection rules, dashboards, and automation playbooks. Proficiency in scripting or automation (KQL, PowerShell, Python, or similar). Knowledge of log management, APIs, data normalisation, and cloud security (Azure, AWS, or M365). Solid understanding of network, system, and identity security fundamentals. Excellent More ❯
platforms (Elastic Security mandatory; Sentinel or Splunk desirable) and EDR tools (e.g. Elastic XDR, Microsoft Defender, CrowdStrike, SentinelOne) Proficiency in detection rule development using query languages (e.g. ESQL, KQL, Lucene), and practical understanding of log sources across network, endpoint, cloud, and identity platforms Solid knowledge of MITRE ATT&CK, threat actor tactics, and experience in incident detection, triage, and More ❯
platforms (Elastic Security mandatory; Sentinel or Splunk desirable) and EDR tools (e.g. Elastic XDR, Microsoft Defender, CrowdStrike, SentinelOne) Proficiency in detection rule development using query languages (e.g. ESQL, KQL, Lucene), and practical understanding of log sources across network, endpoint, cloud, and identity platforms Solid knowledge of MITRE ATT&CK, threat actor tactics, and experience in incident detection, triage, and More ❯
