Job Detail

TDO Analyst

Posted on Jul 27, 2020
Location: Abu Dhabi, UAE
Industry: Recruitment / Placement Firm
Job Type: Others

Job Description

The TDO Analyst creates detection logic tailored to the enterprise threat landscape using industry-specific intelligence and developed use cases, maintains a data source catalog containing information on indicators, correlations and existing detection logic, works closely with Security Engineering on onboarding new data sources and with Cyber Threat Intelligence (CTI) personnel on developing relevant use cases across various networks, and identifies malicious or anomalous activity based on event data from network flows, EDR and other sources.
Experience with scripting or programming, including Perl, Python, C, C++, C#, Java, Bash, or Batch, is a plus
Experience developing detection logic for enterprise SIEM systems
Experience with exploitation techniques and use case development
Experience with IOC datasets (e.g., YARA, OpenIOC)
Develop use cases and create threat detection logic, rules, and alerting in SIEM for response by IR analysts
Document processes and procedures related to content development and tuning and recommend new internal and external data sources to develop additional threat detection logic
Analyze threat information gathered from logs, Intrusion Detection Systems (IDS), intelligence reports, vendor sites, and a variety of other sources, and recommend rules and other process changes to protect against the identified threats
Operationalize Indicators of Compromise from intelligence feeds by developing, testing, and deploying monitoring and alerting rules in the SIEM
Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cybersecurity operations
Hunt for and identify threat actor groups (APT) and their techniques, tools and processes
Participate in Hunt missions using threat intelligence, analysis of anomalous log data and anomalous sessions to detect and eradicate threat actors
Develop Threat Hunting dashboards and reports to identify potential threats, suspicious activity and malware
Conduct trend analysis and correlation for the purposes of attribution, using identified indicators of compromise and behaviors associated with targeted activity
Participate in the design and development of features and capabilities for secure sharing of cybersecurity related information across entities where relevant
Support team members in methods to process tactical mitigations based on results of analysis and determination of threat validity
Participate in preparing reports to ensure proper understanding of threat campaign(s) techniques, lateral movements and extract indicators of compromise.
