Maarssen, Utrecht, Netherlands
Security detection engineering
Purple Team Lead SOC T2 Analyst
Blue team member (Remote Work)
• I work with business partners and project leads to gather and analyze business requirements and translate them into technical tasks, and design and develop data correlation, text analytics, and information extraction algorithms specific to mission needs
• Threat Hunting using various toolsets, based on intelligence gathered
• Analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs); deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets
• Use case design and development for application security in SIEM systems
• Develop attack detection & response playbooks, counter-measure definitions and strategies to mitigate emerging threats
• Cloud Security, Container Security
We terminated our agreement due to pandemic conditions.
- Threat Intelligence
- Threat Hunting
- Use Case Development/Management
• Strong familiarity with security technologies in general, both at the host and network level
• Work with business partners and project leads to gather and analyze business requirements and translate them into technical tasks, and design and develop data correlation, text analytics, and information extraction algorithms specific to mission needs
• Create, modify and tune the system rules to adjust the specifications of alerts and incidents
• Provide continual correlation rule tuning, incident classification and prioritization recommendations
• Develop and maintain SOC playbook processes
• Perform hunting for malicious activity across the network and digital assets without adhering to SIEM alarms
• Industry research on security trends, with the goal of potential improvements in our own processes or tools
• Research and test new security tools/products and make recommendations of tools to be implemented in the SOC environment
• Create new ways to solve existing production security issues
• Experience in MITRE ATT&CK Navigator and OSINT gathering, and good knowledge of the Cyber Kill Chain
• Analyze PCAP files, narrow down anomalous traffic with Wireshark, examine the details of the infected hosts and write IOCs in executive summary reports
• Ensure the SOC analyst team is providing excellent customer service and support
• Perform incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
• Provide training and mentoring of junior and mid-career team members
• Develop and deliver training content and playbook content for SOC I analysts
• Responsible for MineMeld (open-source threat intelligence sharing platform)
• Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using the ArcSight ESM, Change Auditor and ELK platforms
• Research, analyze and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies, operating systems, etc.)
• Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms
• Perform all administration, management, configuration, testing, and integration tasks related to the Big Data/Hadoop, ArcSight ESM and associated platforms, including content creation, maintenance, and administration tasks
• Creation of technically detailed reports on the status of the SIEM, including metrics on items such as the number of logging sources
• Conduct analysis to determine the legitimacy of files, domains and emails using online resources such as VirusTotal, AnyRun, and MX Toolbox, and recommend appropriate corrective actions to the technical teams via SOAR
• Assist with designing and documenting work processes within the SOC
• Drive monitoring of security events using a SIEM, EDR and other feeds, looking for significant events, and processing reports of unexpected activity
• Investigate and uncover issues by analyzing security events and coordinating response activities
• Use threat intelligence to hunt for indications of compromise in log data and utilize endpoint security tools
• Tuning: regularly perform tuning and filtering of SIEM alerts and monitoring components to ensure only relevant security data is gathered