Threat Detection Engineer
Softtestpays
- Canberra, ACT
- Permanent
- Full-time
- Contract start 01 April 2023 for 12 months, with 2 x 12 month extensions.
- Australian Citizen, ability to obtain Baseline Clearance, Canberra role.
- Create threat models and perform threat hunts to inform the detection engineering strategy
- Develop use cases based on threat models, system risks, vulnerabilities, intelligence, incident reports and industry frameworks
- Develop the detection rule syntax associated with use cases within the SIEM and EDR technologies
- Develop playbooks for alert validation by understanding the context in which the detection rule is designed
- Collaborate with Cyber Defence Analysts for detection rule tuning
- Maintain the threat intelligence integrations across the SOC technology stack
- Assist in the identification of content shortfalls across the detection engineering practice
- Assist with incident response at the direction of the incident manager
- Conduct in-depth research and analysis for new detection content
- Assist in the onboarding of new data sources to meet requirements of use cases
- Provide evaluation and feedback necessary for improving intelligence production and reporting
- Provide support to designated exercises, planning activities, and time sensitive operations