Security Siem Specialist And Detection Engineer

Details of the offer

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.Role summaryWe are looking for a talented and enthusiastic individual with excellent technical and client-facing skills to act a SIEM specialist who can design and deploy SIEM (Security Information and Event Management) / SOAR (Security Orchestration, Automation and Response) capabilities. They will also be responsible for working with clients to derive the security use cases across a range of platforms and systems to be monitored. These use cases will be based on appropriate MITRE frameworks and client defined insider, vulnerability, business, risk and policy enforcement requirements. The role will range from deploying new solutions and assessing existing capabilities to identify the exposure and coverage gaps. This role is situated within our Government business, based in Canberra, with substantial time on client sites and will require a government security clearance at NV2 minimum, but candidates will be expected to undergo PV.Find out more about our award winning Cyber Security solutions: http://www.baesystems.com/en/cybersecurity/solutions/by-business-objective/detect-and-monitor-for-cyber-attacksWhat you'll be doingOversee deployment / implementation activities ensuring that entry criteria are met, all planned activities are completed and that rollback plans are initiated where required.Identify use cases, plan development, deployment, testing and release into production.Produce, update and maintain corresponding playbooks for detection and automation content.Develop, test and deploy updated and new content across the monitored estate in liaison with the client.Maintain existing detection content to ensure it remains current and relevant to the monitored estate, and that false positives are kept to a minimum.Assess the effectiveness of new / updated rules and analytics to feed into future development activities.Review and approve all required documentation as part of a release or change including design, deployment, configuration and administration guides.Support attack, threat and exposure modelling to identify new attack paths and determine suitable detection content to detect path being exploited. Support threat hunting and content enrichment.Integrate solutions with vulnerability and asset and configuration management and other tools to enrich efficacy of the solution.Obtain authorisation for implementing releases and changes through the Change Management process.The strategic focus of the role is to ensure that the detection and monitoring technology remains optimised, current and tailored to the changing threat landscape, client risk position and technology in use. The role is a cyber technical specialist with deep knowledge of the Cyber Monitoring technologies and cyber threat tools, tactics, techniques and procedures.What we're looking forTechnical:Strong knowledge of how Azure and AWS security functions work as security controls as well as detection tools to protect large cloud estatesProduction of content and playbooks on Sentinel and Splunk to detect security breaches and recognise the importance of threat led Use Cases.Knowledge of SIEM/SOAR tools (Splunk and Sentinel at a minimum) and other appropriate tooling e.g. SOAR, Threat Intelligence, traffic analysis tools etc. to identify signs of an intrusion, and advise where new/improved tooling could enhance the SOC operation.Deep knowledge and experience of operational ICT service delivery management.Working with a range of security tooling/technology.Strong understanding of security architecture, in particular networking.Detailed understanding of threat intelligence and threat actors, TTPs and operationalising threat intelligence.Understand TCP/IP component layers to identify normal and abnormal traffic.Experience of Splunk (with ES) &/or Sentinel.Experience developing SIEM/SOAR content desirable.Non-technical:Client side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others, including briefing skills and report writing.Coaching mindset - helping and mentoring the team.Security process development.Able to understand and adapt to different cultures and hierarchical structures.Self-starter and capable of independent working.Team player and adept at working in multi-disciplinary and diverse teams.Life at BAE Systems Digital Intelligence We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential. Division overview: CapabilitiesAt BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Capabilities is the engine that keeps the business moving forward. It is the largest area of Digital Intelligence, containing our Engineering, Consulting and Project Management teams that design and implement the defence solutions and digital transformation projects that make us a globally recognised brand in both the public and private sector.As a member of the Capabilities team, you will be creating and managing the solutions that earn us our place in an ever changing digital world. We all have a role to play in defending our clients, and this is yours.


Nominal Salary: To be agreed

Source: Talent2_Ppc

Requirements

Cyber Analyst

Must be able to obtain Negative Vetting Level 1 Security clearance. The applicant must have knowledge and experience in: 5 years' experience conducting secur...


Kirra Services - Australian Capital Territory

Published 13 days ago

Oracle Expert Database Administrator

Role: Oracle Expert Database AdministratorClient: Federal GovernmentContract: 12 MonthsExtension: 12 MonthsClearance: NV-1Location: ACTOverview of Proposed S...


Ultradynamix - Australian Capital Territory

Published 13 days ago

Accenture | Salesforce Designer (Au Citizen Feb 25 Start) | Canberra

Accenture is a leading global professional services company that helps the world's leading businesses, governments and other organizations build their digita...


Tideri Jobbörse - Australian Capital Territory

Published 13 days ago

Security Officer - Us Embassy

About the Company As one of Australia's leading security companies, with a national footprint across Australia, MSS Security has unrivalled experience in del...


Mss Security - Australian Capital Territory

Published 13 days ago

Built at: 2024-12-23T03:10:28.456Z