Detection and Automation Engineer

Sony SGP, CBP, Hansapoint

Sony

Learn about Sony Group Corporation's Businesses and Products; our initiatives in Technology, Sustainability, and Design; and recent Press Releases, Career opportunities, and Investor Relations info.


We look for the risk-takers, the collaborators, the inspired and the inspirational. We want the people who are brave enough to work at the cutting edge and create solutions that will enrich and improve the lives of people across the globe. So, if you want to make the world say wow, let's talk.

The conversation starts here. If this role matches your ambitions and skillset, let's get started with your application. Take a look at our other open positions too. Our many opportunities can lead to infinite possibilities.

This position is responsible for developing, maintaining, and improving threat detection content, with a focus on intrusion detection and related activities, and for building XSOAR automation that supports threat detection and SOC operations.

What you will be doing

  • Investigate and review computer intrusions, focusing on determining the initial infection vector and identifying new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs), in support of threat detection and prevention development.
  • Research, build, and maintain detection capabilities for the latest threats across SIEM correlations and security tool signatures.
  • Develop XSOAR playbooks to support detection capabilities and improve SOC operations.
  • Contribute to and lead efforts to improve the SOC’s effectiveness, advancing technical capabilities at pace with the latest threats.
  • Support and integrate with incident response, threat intelligence, and overall security strategy as needed.
  • Produce high-quality documentation of research and analysis results, presenting processes and findings clearly and concisely to both technical and non-technical audiences.
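As an added illustration of what "threat detection content" in the responsibilities above looks like in practice (this is example code written for this page, not Sony's or Splunk's), the block below implements a correlation rule of the kind a Splunk ES correlation search would express: several failed Windows logons (EventCode 4625) from one source address inside a short window, followed by a successful logon (4624) from that same source. The log lines, host names, users and addresses are constructed for the example, and the key=value layout is an assumption about how the fields would be extracted; the Windows event IDs and the ATT&CK technique ID T1110 (Brute Force) are standard.

```python
"""Correlation-rule example: N failed logons from one source within a
window, then a success from the same source. Added for illustration;
all sample data below is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumption: Windows Security log fields
# flattened to key=value, as a SIEM's default field extraction would give).
SAMPLE_LOGS = [
    # 10.0.0.7 sprays three accounts, then lands on carol -> should alert
    "time=2024-05-01T09:00:00 EventCode=4625 host=WS01 user=alice src_ip=10.0.0.7",
    "time=2024-05-01T09:01:00 EventCode=4625 host=WS01 user=alice src_ip=10.0.0.7",
    "time=2024-05-01T09:02:00 EventCode=4625 host=WS01 user=bob src_ip=10.0.0.7",
    "time=2024-05-01T09:03:00 EventCode=4625 host=WS01 user=bob src_ip=10.0.0.7",
    "time=2024-05-01T09:04:00 EventCode=4625 host=WS01 user=carol src_ip=10.0.0.7",
    "time=2024-05-01T09:05:00 EventCode=4624 host=WS01 user=carol src_ip=10.0.0.7",
    # 10.0.0.9: one mistyped password then success -> benign, below threshold
    "time=2024-05-01T09:01:30 EventCode=4625 host=WS02 user=dave src_ip=10.0.0.9",
    "time=2024-05-01T09:02:30 EventCode=4624 host=WS02 user=dave src_ip=10.0.0.9",
    # 10.0.0.11: five failures, but the success comes 86 minutes later -> outside window
    "time=2024-05-01T08:00:00 EventCode=4625 host=WS03 user=erin src_ip=10.0.0.11",
    "time=2024-05-01T08:01:00 EventCode=4625 host=WS03 user=erin src_ip=10.0.0.11",
    "time=2024-05-01T08:02:00 EventCode=4625 host=WS03 user=erin src_ip=10.0.0.11",
    "time=2024-05-01T08:03:00 EventCode=4625 host=WS03 user=erin src_ip=10.0.0.11",
    "time=2024-05-01T08:04:00 EventCode=4625 host=WS03 user=erin src_ip=10.0.0.11",
    "time=2024-05-01T09:30:00 EventCode=4624 host=WS03 user=erin src_ip=10.0.0.11",
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value line into a dict with a typed time and EventCode."""
    ev = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    ev["_time"] = datetime.fromisoformat(ev["time"])
    ev["EventCode"] = int(ev["EventCode"])
    return ev


def correlate(lines, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per source that reached `threshold` failed logons
    inside `window` before a success from that same source. Failures are
    counted per source rather than per account, so a password spray across
    many users is caught as well as brute force against a single user."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["_time"])
    failures = defaultdict(list)  # src_ip -> [(time, user), ...]
    alerts = []
    for ev in events:
        src = ev["src_ip"]
        if ev["EventCode"] == 4625:
            failures[src].append((ev["_time"], ev["user"]))
        elif ev["EventCode"] == 4624:
            recent = [(t, u) for t, u in failures[src] if ev["_time"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "rule": "brute_force_then_success",
                    "attack_technique": "T1110 Brute Force",  # rule author's ATT&CK annotation
                    "src_ip": src,  # the IOC a responder would block or hunt on
                    "failed_attempts": len(recent),
                    "targeted_users": sorted({u for _, u in recent}),
                    "compromised_user": ev["user"],
                    "host": ev["host"],
                    "time": ev["_time"].isoformat(),
                })
            failures[src].clear()  # a success ends the attempt sequence for this source
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Run stand-alone, it prints a single alert for 10.0.0.7 and nothing for the benign or stale sequences. In a real deployment this logic would live as a correlation search in the SIEM, the alert dictionary is the shape of the resulting notable event, and an XSOAR playbook would pick up fields such as `src_ip` and `compromised_user` for enrichment and containment; the threshold and window are the tuning knobs a detection engineer revisits as false-positive data comes in.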

What you should have

  • A degree in Computer Science, Computer Engineering, Cyber Security, Information Technology or a related subject is preferred.
  • 1-2 years of experience performing hands-on log analysis and host/network forensic analysis in support of incident response OR applicable training/certification
  • At least 2 years of experience developing threat detection content in support of incident response.
  • At least 2 years of experience with Splunk and Splunk Enterprise Security.
  • General understanding of TCP/UDP traffic, SIEM and log analysis technologies.
  • General understanding of Windows and Linux operating systems, as well as command line tools.
  • General understanding of cloud architecture and security monitoring of cloud environments.
  • Strong interest in Endpoint Detection and Response (EDR) technologies.
  • Basic experience with programming languages such as Python and PowerShell.
  • Exposure to malware analysis (static and dynamic).
  • Ability to manage multiple activities and events simultaneously, prioritize tasks, respond to high-priority events, and organize and schedule work effectively.
  • Ability to operate effectively as part of a geographically dispersed team.
  • Fresh graduates are welcome to apply.

Benefits you will have

  • Flexible work arrangement (because we understand that life happens)
  • Comprehensive medical benefits (including physical health screenings and term life insurance benefits)
  • Annual Wage Supplement (AWS) and variable bonus
  • Special staff purchase rates
  • Flexible benefits (so you can claim for that staycay or gym membership you’ve been eyeing)
  • Corporate social responsibility time off for 1 day each year to volunteer for a charity of your choice
  • Milestone gifts (such as long service award and marriage gift because we want to celebrate both your professional and personal milestones)
  • Wellness activities to promote healthy lifestyles
  • Curated training programmes to encourage continuous professional development

At Sony, we strive to create a place for you to realise your potential and inspire you to make positive impact through innovation, smart collaboration and boundless curiosity. We are looking for people who believe that they can enrich lives and help us achieve our purpose – fill the world with emotion, through the power of creativity and technology.


Tags: Automation Cloud Computer Science EDR Incident response Intrusion detection Linux Log analysis Malware Monitoring PowerShell Python Security strategy SIEM SOAR SOC Splunk Strategy Threat detection Threat intelligence TTPs Windows XSOAR

Perks/benefits: Career development Fitness / gym Flex vacation Health care Team events
