Dir. DDIT ISC CSOC Content Engineering

Job Description Summary

As a Content Engineer, you will be responsible for planning, developing, testing, and tuning content for security platforms like SIEM, DLP, and EDR. You will provide expertise to optimize data onboarding, define and measure performance KPIs, and deliver reports to CSOC stakeholders. You will collaborate with stakeholders to align on initiatives, gather feedback, and improve services continuously. Additionally, you will research new tools to enhance cyber threat detection and response, and monitor content health to detect any issues impacting CSOC performance.

 

Job Description

Major accountabilities:

• Talent and Growth.
• Manage and mentor associates and team leaders.
• Plan and implement technical and nontechnical development strategies for continuous development of CSOC analysts and leaders strategy and direction.
• Content engineering service involves planning, developing, testing, operationalizing, and tuning content for detection, investigation, and reporting from security platforms like SIEM, DLP, EDR, etc.
• Provide subject matter expertise, oversight, and feedback to optimize data onboarded into the SIEM.
• Content engineering service involves planning, developing, testing, operationalizing, and tuning content for detection, investigation, and reporting from security platforms like SIEM, DLP, EDR, etc.
• Provide subject matter expertise, oversight, and feedback to optimize data onboarded into the SIEM.
• Define and measure performance and effectiveness KPIs; develop and deliver timely reporting to CSOC stakeholders and senior leaders.
• Interface with other CSOC stakeholders to align on initiatives; proactively gather feedback; adjust and improve service continuously.
• Research new tools and techniques to improve overall CSOC ability to monitor, detect, and respond to cyber threats.
• Monitor health of content to detect outages, spikes, or other anomalies that may impact CSOC performance.

Key performance indicators:

• Review and evaluate SIEM team performance.
• Effectively and efficiently design and implement process automations, create supporting technical documentation and redundancy controls.
• Accurately troubleshoot to diagnose and resolve problems with process automations, case management issues, scripts, and other custom solutions that support CSOC operations.
• Identify technology and process gaps that affect CSOC services; develop solutions and make recommendations for continuous improvement.
• Good cultural orientation and strong influencer of information risk management, information security, IT security, to be embedded across IT, OT and Medical Technologies.

Minimum Requirements:
Experience:

• 10+ Years work experience.

• Strong Team Management skills.
• Good general security knowledge.
• Strong knowledge of security tools (DLP, XDR, SIEM, Firewalls).
• Experience in scripting and Automation for Security tools.
• Experience SIEM alert creation, SOAR playbook development.
• Experience in reporting to and communicating with senior level management (with and without IT background, with and without in-depth risk management background) on incident response topics.
• Strong written and verbal communication and presentation abilities, with the capacity to effectively convey information risk-related and incident response concepts to both technical and non-technical stakeholders.
• Exceptional interpersonal and collaborative skills, fostering effective communication and cooperation with diverse individuals and teams.
• Exceptional understanding and knowledge of general IT infrastructure technology and systems.
• Proven experience to initiate and manage projects that will affect CSOC services.

Skills:

• Understanding of SIEM architecture components, including technology integrations.
• Firsthand experience of Security tools like Splunk, Sentinel, XDR, DLP.
• Direct experience managing Data ingestion pipeline through Cribl.
• Understanding of security systems (such as AV, IPS, Proxy, FW).
• Security use-case design and development.
• Understanding of SOAR and Development experience in python (SDKs).
• An understanding of error messages and logs displayed by various software.
• Ability to troubleshoot, diagnose and solve issues independently.
• Self-learner, ability to document learning as experience is gained.
• Understanding of network protocols and topologies.
• Strong technical troubleshooting and analytical skills.
• A knowledge of the MITRE ATT&CK framework is beneficial.
• Ability to prioritise workload.
• Excellent written and spoken English.
• Team Management.
• Calm and logical approach.

Languages :

• English.

 

Skills Desired

Communication Skills, Cyber-Security Regulation, Cyber Threat Hunting, Cyber Threat Intelligence (Cti), Cyber Threat Management, Cyber Vulnerabilities, Decision Making Skills, Influencing Skills, Information Security Risk Management