Job Description:
We are looking for an experienced security professional to join our 24×7 managed security operations center as a Content Engineer, responsible for identifying, prioritizing, implementing, testing and tuning threat detection use cases within the SIEM.
Responsibilities:
Analytics Rule Development & Management
• Design & implement analytics rules using KQL (Kusto Query Language) to detect security threats.
• Develop scheduled rules, NRT (Near-Real-Time) rules, and ML-based detections to improve security visibility.
• Customize Microsoft Sentinel built-in rules to fit organizational security requirements.
• Define rule thresholds and tuning parameters to reduce false positives.
Use Case Development
• Develop security use cases based on the latest threat intelligence and attack techniques.
• Map detections to the MITRE ATT&CK framework for better visibility into attacker TTPs.
• Collaborate with SOC and Threat Intelligence teams to identify gaps in detection capabilities.
• Work closely with Red Teams to simulate attacks and validate detection effectiveness.
Rule Tuning & False Positive Reduction
• Continuously analyse alert trends and false positives to fine-tune detection logic.
• Adjust rule conditions, thresholds, and suppressions to improve accuracy.
• Use behaviour-based analytics to enhance detection effectiveness.
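As an added illustration of the rule-development and tuning work described above (this is example code written for this page, not material from the job posting or from Microsoft), the following is the query body of a scheduled Microsoft Sentinel analytics rule that detects password spraying from a single source IP. The tunables the posting mentions (lookback window, distinct-account threshold, suppression list) are pulled out as named parameters so they can be adjusted without touching the detection logic. It assumes Entra ID sign-in logs are flowing into the built-in SigninLogs table; the threshold value and the allowlisted IP addresses are illustrative placeholders.

```kql
// Added example, not from the original posting.
// Scheduled rule: password spray from one source IP.
// MITRE ATT&CK: T1110.003 (Brute Force: Password Spraying).
// Assumes SigninLogs (Entra ID sign-in data) is connected to the workspace.
let lookback = 1h;                   // schedule the rule every 1h over the last 1h (assumed cadence)
let distinctAccountThreshold = 20;   // tunable: minimum distinct accounts targeted per IP (placeholder value)
let failureCodes = dynamic(["50126",   // invalid username or password
                            "50053"]); // account locked / sign-in blocked after repeated failures
// Suppression list: sources known to generate failed sign-ins legitimately
// (vulnerability scanners, CI runners). Placeholder documentation-range addresses.
let suppressedSources = datatable(IPAddress:string)
    ["203.0.113.10", "198.51.100.7"];
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType in (failureCodes)
| where IPAddress !in (suppressedSources)
| summarize
    FailedAttempts   = count(),
    DistinctAccounts = dcount(UserPrincipalName),
    TargetedAccounts = make_set(UserPrincipalName, 50),
    FirstSeen        = min(TimeGenerated),
    LastSeen         = max(TimeGenerated)
  by IPAddress
| where DistinctAccounts >= distinctAccountThreshold
// A ratio close to 1.0 means roughly one attempt per account: the classic spray pattern,
// as opposed to a brute force hammering a few accounts.
| extend SprayRatio = round(todouble(FailedAttempts) / DistinctAccounts, 2)
| order by DistinctAccounts desc
```

In practice the threshold and lookback are tuned by replaying the query over several weeks of historical data and reviewing which sources trip it; anything that turns out to be benign is added to the suppression list rather than raising the threshold for everyone. When the query is saved as a scheduled rule, IPAddress and UserPrincipalName are mapped to the IP and Account entities so the alert carries them into incidents.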