Splunk Content Developer in cyber security

Overview

LTIMindtree Limited is an Indian multinational information technology services and consulting company. A subsidiary of Larsen & Toubro, the company was incorporated in 1996 and employs more than 90,000 people.

Job Description

We are looking for a content development engineer or L2 level SOC SIEM engineer with hands-on experience in developing new rules, use cases based on various log sources including Cloud Security log sources and integrating various log sources with SIEM Platform.

Roles and Responsibilities:

• Creating and implementing new threat detection content, rules and use cases to deploy in SIEM platform with different data sets like Proxy, VPN, Firewall, DLP, etc.

• Assisting with process development and process improvement for Security Operations to include creation/modification of SOPs, Playbooks, and Work instructions.

• Developing custom content based on threat intelligence and threat hunting results.

• Identifying gaps in the existing security controls and developing/proposing new security controls.

• SIEM Engineering and knowledge of integrating various log sources with any SIEM platform.

• Custom parsing of logs being ingested into the SIEM Platform.

Job Requirements:

• 3+ years of experience working in the field of content development and experience in delivering and/or building content on any of the SIEM tools like Splunk/ArcSight/QRadar/Nitro ESM/etc.

• Deep understanding of MITRE ATT&CK Framework.

• Experience in SOC Incident analysis with an exposure to information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, EDR and cloud security tools.

• Good understanding of networking concepts.

• Experience interpreting, searching, and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation).

• In depth knowledge of security data logs and an ability to create new content on advanced security threats on a need basis as per Threat Intelligence.

• Ability to identify gaps in the existing security controls.

• Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content.

• Experience with EDR tools like CrowdStrike and good understanding of TTPs like Process Injection.

• Excellent communication, listening & facilitation skills.

• Ability to demonstrate an investigative mindset.

• Excellent problem-solving skills.

Skills & Requirements

• Understanding of MITRE ATT&CK framework.

• Demonstrable experience in use case/rule creation on any SIEM platform.

• Chronicle Backstory / YARA / CrowdStrike rules is a plus.