- Working directly with the Level 3 CERT to look for artifacts and IOCs on SIEM solutions and other applications.
- Hunting for hygiene issues, threats and advanced threats based on input provided by the Threat Intelligence Team.
- Configuring endpoint tools (EDR) to implement IOCs in order to launch hunting queries.
- Assisting experts during configuration for deceptive security solutions and technologies.
- Working with use case factory to develop new signatures. Working with experts in implementing new signatures.
- Excellent knowledge of one of the SIEM products (QRadar, ELK, Splunk).
- Working knowledge of EDR solutions such as Carbon Black, Endgame, etc.
- Good knowledge of SOAR (Demisto, Resilient or any other SOAR platform); scripting knowledge such as Python; knowledge of network technologies.
- Windows and Unix administration; knowledge of typical security devices such as firewalls, intrusion detection systems, AV and endpoint security, web application firewalls, anti-spam systems, event correlation systems, etc.
- Threat Modeling
- Secure Design Reviews
- Application Security
- Security Operation Center