Türkiye
- Reviewing existing rules and developing new scenarios by performing scenario analysis in accordance with MITRE ATT&CK Framework. - Developing rules with CDC Engineers to reduce false positive and false negatives. Management and maintenance of SIEM tools (Splunk, Splunk ES) - Experience in integrating with application logs and aggregators such as Cribl Creating rules, reports, trend reports and use cases on SIEM products in order to detect current threats and attacks. - Analyzing threat information collected from logs, IPS/IDS, intelligence reports and other sources. - Importing logs from other security products and all log sources within the company to SIEM products and troubleshooting the problems. - Working in coordination with the teams managing the relevant log source to import new log sources into SIEM. - Management and maintenance of EDR tools - Following global and local security events through cyber intelligence services and digital channels - Taking an active role in incident response processes.
- To analyze the logs of the customers and to develop rules according to the mitre att&ck framework. - Experience in scripting language Python, bash and powershell. Improvements were made as needed. - Integration Splunk Threat Intel Management with external sources - Build, customize and deploy Splunk apps as per internal customer needs - Create data retention policies and perform index administration, maintenance and optimization - Supported customers by managing log management processes. - Research, analyze and understand log sources utilized for the purpose of security (such as operating systems, firewalls, anti-virus products and proxies ) - Performs all administration, management, configuration, testing, and integration tasks related to the Splunk. - Creating notable events for these situations after Investigate cyber security incidents and threats
- 7x24 Experience using current monitoring technologies such as:Splunk, ArcSight - SIEM content Analysis, Development and Testing - Basic understanding of cyber landscape and typical threat vectors - EDR Management (Carbon Black & FireEye HX) - Creating & Testing new rules for cyber threats - Scripting for vulnerability management - Vulnerability and Patch Management with NeXpose, Nessus - Incident Management - Workflow and Playbook preparation