SIEM/SOAR Content Developer

SIEM/SOAR Content Developer | 12 Months (Inside IR35) | Hybrid (Glasgow)

Harvey Nash's client is recruiting for a SIEM/SOAR Content Developer on a 12-month contract.

Main Responsibilities

  • You will join a team of technologists and cyber-security professionals who are dedicated to improving the coverage, quality and automation of cyber-security detection and response.
  • Develop playbooks and automation in SOAR with analysts to improve the efficiency of the SOC.
  • Develop analytics in Splunk (SPL) or Elasticsearch (EQL) to detect actionable security alerts.
  • Design and develop integrations to connect to internal and external services.
  • Work alongside incident response analysts to automate the response to security incidents and improve security response coverage.
  • Perform analysis of security posture including recommending improvements to controls and processes.
  • Automate auxiliary team processes with SOAR playbooks.
  • Monitor and support SIEM and SOAR platforms to ensure security and stability of SOC infrastructure.

Key Skills

  • Cyber Response Platforms is looking for an experienced (5+ years) cyber-security professional to join their team as a SIEM/SOAR content developer.
  • Our ideal candidate has hands-on experience in computer network defence working either in or for a Security Operations Center or Cyber Incident Response Team.
  • Minimum of 3 years of experience in cyber detection engineering or incident response.
  • Minimum of 1 year of experience developing automations in SOAR.
  • Experience in the creation and management of detection logic in SIEMs (e.g. Splunk, ArcSight, Microsoft Sentinel).
  • Intermediate experience developing scripts in Python.
  • Strong knowledge of exploitation techniques (e.g. MITRE ATT&CK) and use-case development.
  • Thorough TCP/IP and protocol experience (OSI L2-L7, DNS, HTTP, REST, SOAP).
  • Strong communication, task management and organisational skills.
  • Highly experienced with Unix/Linux command-line tools and shell scripting.

This role falls inside IR35 and is hybrid working, with the expectation to attend the Glasgow office 2/3 days a week. Please note that for this role you must have, or be happy to obtain, a Basic Disclosure Scotland. To apply, please send your CV using the link.

Company
Harvey Nash Plc
Location
Glasgow, Lanarkshire, United Kingdom G32 0
Hybrid / WFH Options
Employment Type
Contract
Salary
GBP 454 Daily
Posted