
Job Description

Requirements
  • 2-3 years of experience in a hands-on cybersecurity role such as a SOC Analyst, Security Engineer, or Threat Hunter.
  • In-depth, hands-on experience with a major SIEM platform (e.g., Splunk, IBM QRadar, Microsoft Sentinel, LogRhythm), including experience in building complex detection rules and analytics.
  • Strong understanding of defensive security principles and frameworks, including the MITRE ATT&CK Framework, the Cyber Kill Chain, and defense-in-depth architecture.
  • Demonstrable experience in translating security concepts into technical documentation (e.g., requirements documents, design specifications, process flows).
  • Proficiency in at least one SIEM query language (e.g., SPL, KQL, AQL).
  • Proven experience in proactive threat hunting and developing novel detection techniques.
  • Familiarity with Security Orchestration, Automation, and Response (SOAR) platforms and playbook development.
  • Scripting skills for automation and analysis (e.g., Python, PowerShell).
  • Knowledge of endpoint and network forensics.
  • Relevant industry certifications (e.g., CompTIA CySA+, GIAC GCIH, GCIA, or similar).

Responsibilities
  • Work with security stakeholders to analyze security needs and threat intelligence, translating them into formal technical requirements, system specifications, and process flows for security tools.
  • Design, document, and prototype advanced SIEM correlation rules, detection logic, and analytical models. Create specifications for custom dashboards, reports, and alerts to improve visibility for the SOC team.
  • Develop and document proactive threat hunting hypotheses and methodologies. Design systematic processes and technical requirements for hunting campaigns within existing and new security platforms.
  • Research, evaluate, and conduct Proof-of-Concept (PoC) engagements for new security technologies beyond SIEM (e.g., SOAR, EDR, NDR, Threat Intelligence Platforms) to enhance our defensive stack.
  • Create detailed specifications for onboarding new data sources into the SIEM. Design integration workflows and define API requirements for connecting disparate security systems to enable automated response actions.
  • Develop and maintain comprehensive documentation, including Functional Specification Documents (FSDs), data flow diagrams, and operational runbooks for the security solutions you design.

Nationality: India