JobNob

Cyber Security Consultant


Societe Generale Global Solution Centre


Location

Bangalore | India


Job description

Cybersecurity SOC Consultant Use case testing SIEM, EDR Role

Cyber Security Consultant SOC

1. JOB PURPOSE

To design and execute highly complex testing of SIEM detection use cases for endpoint, server, private cloud, and public cloud environments. Ensure accurate and timely identification of advanced threats, aligning detection capabilities with the MITRE ATT&CK framework.

2. PRINCIPAL ACCOUNTABILITIES

Accountabilities (Cyber Security Consultant):
• Lead the design and execution of comprehensive test plans for validating SIEM use cases across diverse environments.
• Possess in-depth expertise in utilizing offensive security techniques (ethical hacking methodologies) to simulate real-world attack vectors based on the MITRE ATT&CK framework.
• Conduct rigorous testing on existing SIEM use cases, assessing their effectiveness against advanced threats.
• Analyze test results, identify false positives/negatives, and recommend comprehensive optimization strategies for use cases.
• Collaborate with SOC analysts, threat detection engineers, and ethical hacking teams to refine use cases for optimal effectiveness.
• Document test procedures, results, and recommendations with exceptional clarity and detail for clear communication and transparency.
• Stay current with evolving threats and adapt testing approaches to ensure ongoing detection efficacy against advanced actors.

Major Activities:
• Map advanced MITRE ATT&CK tactics, techniques, and procedures (TTPs) to relevant SIEM use cases.
• Design and implement complex test scenarios replicating sophisticated malicious activities aligned with specific TTPs.
• Execute advanced testing techniques that incorporate ethical hacking methodologies (penetration testing, red teaming simulations).
• Generate realistic test data mimicking advanced attack behaviors and inject it into SIEM systems for analysis.
• Monitor and analyze alerts triggered by SIEM use cases under various attack scenarios, investigating potential false positives/negatives.
• Collaborate with security teams to validate incident detection and response procedures against complex threats.
• Conduct ongoing research on emerging threats and adapt testing methodology to maintain comprehensive coverage against advanced adversaries.

Reporting to: Function Head – SOC

3. SKILLS AND KNOWLEDGE

Technical Skills:
o Technical: Deep understanding of SIEM solutions (ArcSight, Splunk, etc.), ethical hacking methodologies, offensive security tools, scripting languages (Python, PowerShell), Linux/Unix fundamentals.
o Security: Cybersecurity concepts, MITRE ATT&CK framework, advanced threat intelligence sources, SIEM use case design principles, security testing methodologies.
o Analytical: Ability to analyze complex SIEM data, identify sophisticated attack patterns, and draw insightful conclusions.
o Problem-solving: Skillful in troubleshooting detection issues and proposing effective solutions for advanced threats.
o Communication: Clear and concise communication, both written and verbal, to explain complex technical findings to diverse audiences.
o Expertise in various cloud platforms and security services (AWS, Azure, GCP, etc.).
o Familiarity with SIEM/SOAR platforms and security information technologies.

Experience, Functional & Other Skills:
• 10+ years of experience in a security operations center (SOC) role, with at least 3 years dedicated to testing and validating SIEM detection use cases.
• Proven experience in using offensive security techniques (ethical hacking methodologies) for SIEM testing.
• Strong understanding of the MITRE ATT&CK framework and its application to advanced threat detection.
• Extensive knowledge of scripting languages for test automation and offensive security tools.
• Excellent analytical and problem-solving skills, especially in challenging security scenarios.

Functional and Other Skills:
• Ability to work independently and lead complex testing projects.
• Strong attention to detail and accuracy.
• Excellent time management and prioritization skills.
• Exceptional communication and interpersonal skills.
• Passion for learning and adapting to new technologies and threats.
