• Act as a subject matter expert on log collection and analysis in hybrid environments (cloud and on-premise).
• Improve detection mechanisms by implementing techniques to hunt for threats in our environment based on threat intelligence reports and knowledge of TTPs.
• Assist with investigations of potential incidents.
• Leverage threat intelligence, keeping an up-to-date overview of the current threat landscape.
• Write clear and concise documentation at both technical and executive levels that can be used to improve the overall security posture.
• Assist with security recommendations for improving different architectures.
• This role is well suited to a seasoned blue team member with hands-on experience in log collection and incident response who is willing to take the next step to become the central point of contact for improving the company's security tools and to help with ad hoc investigations as they arise.
• SIEM, SOC Level 3 or Threat Hunter work experience preferred, including experience with both on-premise and cloud infrastructures (AWS, Azure).
• Good programming skills to develop scripts, API connectors and automations that support existing deployments.
• Strong analytical skills. Used to thinking flexibly and finding alternative solutions to problems that may arise during an incident.
• Experience analysing large datasets and working with SIEM and endpoint security tools (e.g. ELK, Graylog, Splunk, Symantec, FireEye, AlienVault).
• Able to identify which logs need to be examined for each kind of investigation.
• Incident handling capabilities: able to analyse malware, extract IOCs and create IDS signatures.