Develop & Maintain Detection Logic and Systems

• Determine the best way to detect threat actors and their Tactics, Techniques & Procedures (TTPs).
• Develop and implement dependable detection logic in Microsoft Sentinel.
• Test and tune threat detection use cases within Microsoft Sentinel.
• Monitor and maintain lifecycle of Microsoft Sentinel knowledge objects and similar items.
• Monitor content metrics, identify opportunities to increase efficiency and fidelity, and identify detection logic for retirement.
• Triage, prioritize, and resolve requests for new, corrected or enhanced detection logic.

Document and Share Security Engineering Knowledge

• Validate and document content requirements, search criteria, test cases, and other development lifecycle knowledge in documentation libraries and development tracking tools.
• Document and maintain assets, scripts and processes to test SIEM/EDR rules for reuse.

Work Across the Organization

• Partner with other Fusion Center teams to align detection strategy with threat models, the MITRE ATT&CK framework, and to validate and document threat detection goals.
• Collaborate across the organization to learn, document, and maintain a library of various IT processes, naming conventions, assets, configurations, and other considerations that can be leveraged to improve security capabilities for State Street.
• Guide and partner with stakeholders to create detection logic, controls, and alerts using the best tools and methods available. (e.g., SIEM, EDR, IDS, Cloud, email gateways).

What we value:

• Loves to learn how things work, asks lots of questions, and shares knowledge freely.
• Takes disciplined initiative and likes to solve ambiguous security problems.
• Wants to have fun at work!
• Articulate and comfortable working on a global and multi-cultural team.

What you should know:

• How to develop, implement and management detection logic in Microsoft Sentinel
• Knowledge of adversarial TTPs.
• Knowledge of cyber threat intelligence.
• Knowledge of IT architecture and operations (e.g., computing, network, storage & cloud).
• Knowledge of security control technologies.

Required Qualifications

• 3+ years of Microsoft Sentinel content development experience.

Preferred

• BS in Cyber Security, Information Technology, Computer Science or relevant experience
• Software development and/or scripting experience a plus: RegEx, PERL, Python, PowerShell, etc.
• Experiences in SIEM/EDR content engineering, incident response, SOC Analysis, threat hunting and penetration testing.
• Technical security certifications, including Microsoft Security Operations Analyst Associate, GMON, GCDA, GCIH, etc.
• Financial Services experience.