#WD00072366
: LNVGY).
This transformation together with Lenovo's world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit https://www.lenovo.com, and read about the latest news via our StoryHub.
Description and Requirements
Primary Responsibilities
Provide engineering, operation and enhancement of the SIEM, SOC platform tools, and data collection and analysis systems.
Develop, deploy, and tune tool content and reporting.
Assist in the design, architecture and implementation of use cases, detection rules, integrations and workflow automation.
Analyze the existing use case catalogue, the correlation rules implemented, and the automation workflows.
Cooperate with other team members in correlation search development and testing.
Prepare correlation search tests, conduct them, and document test evidence showing that the correlation search addresses the scenario described in the use case.
Cooperate with the log source onboarding project to ensure correct log source onboarding and mapping of logs to data models according to SOC tool best practices.
Responsible for creating procedures, runbooks and high-level/low-level documentation, implementing processes, and developing staff in relation to SOC tool detection logic.
Provide expert technical advice and counsel on the design, monitoring and improvement of SIEM security systems and SOC tools.
Knowledge and skills
3+ years of hands-on SIEM experience.
Direct experience with SOC tools engineering and data integration.
Scripting and development skills in Python/Perl with a deep understanding of regular expressions.
General networking and security knowledge.
Experience building intricate searches across disparate data sources and joining them together.
Versed in building threat detections (correlation rules) from security logs that detect malicious activity with high fidelity.
Knowledge of security logging for Linux, Windows, major EDRs, firewalls and Active Directory.
The ability to aggregate and analyze logs from various deployed security devices.
Familiarity with DevOps and cloud service providers (AWS / Azure).
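The responsibilities above (mapping onboarded logs onto a data model, building a correlation rule, then testing it and documenting evidence that it covers the use case) come together in a small harness. The following is an added illustration, not Lenovo's code or any specific SIEM's rule language: it normalizes two constructed log formats (Windows Security 4625/4624 events and Linux sshd lines; hosts, users and addresses are invented, addresses drawn from documentation ranges) into one authentication model, runs a "many failed logons then a success from the same source" rule over them, and returns the alert plus the raw events as test evidence.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for the use case test (invented hosts, users
# and addresses; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
# Windows lines use the real event IDs 4625 (failed logon) and 4624 (logon).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host=dc01 EventID=4625 TargetUserName=alice IpAddress=203.0.113.7",
    "2024-05-01T10:00:03Z host=dc01 EventID=4625 TargetUserName=bob IpAddress=203.0.113.7",
    "2024-05-01T10:00:05Z web01 sshd[4242]: Failed password for carol from 203.0.113.7 port 51000 ssh2",
    "2024-05-01T10:00:07Z web01 sshd[4243]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2",
    "2024-05-01T10:00:09Z host=dc01 EventID=4625 TargetUserName=dave IpAddress=203.0.113.7",
    "2024-05-01T10:00:30Z host=dc01 EventID=4624 TargetUserName=alice IpAddress=203.0.113.7",
    # Benign: one user mistypes a password twice, then logs in.
    "2024-05-01T10:05:00Z host=dc01 EventID=4625 TargetUserName=erin IpAddress=198.51.100.5",
    "2024-05-01T10:05:10Z host=dc01 EventID=4625 TargetUserName=erin IpAddress=198.51.100.5",
    "2024-05-01T10:05:20Z host=dc01 EventID=4624 TargetUserName=erin IpAddress=198.51.100.5",
    "2024-05-01T10:09:00Z web01 sshd[4300]: Accepted publickey for frank from 198.51.100.9 port 52000 ssh2",
]

# Field extractions for the two constructed formats.
WIN_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<eid>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"
)
SSH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"\w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def normalize(line):
    """Map one raw line onto a minimal authentication data model
    (ts, host, user, src_ip, action). Returns None for lines that do not map."""
    m = WIN_RE.match(line)
    if m:
        action = {"4625": "failure", "4624": "success"}.get(m["eid"])
    else:
        m = SSH_RE.match(line)
        if not m:
            return None
        action = "failure" if m["result"] == "Failed" else "success"
    if action is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "host": m["host"], "user": m["user"], "src_ip": m["ip"],
        "action": action, "raw": line,
    }


def brute_force_then_success(events, min_failures=5, window=timedelta(minutes=10)):
    """Correlation rule: at least min_failures failed logons from one source IP
    within `window`, followed by a successful logon from that IP. Returns one
    alert per offending IP, carrying the contributing events as evidence."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["src_ip"]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        for i, ev in enumerate(evs):
            if ev["action"] != "success":
                continue
            failures = [f for f in evs[:i]
                        if f["action"] == "failure" and ev["ts"] - f["ts"] <= window]
            if len(failures) >= min_failures:
                alerts.append({
                    "src_ip": ip, "success_user": ev["user"],
                    "targeted_users": sorted({f["user"] for f in failures}),
                    "evidence": failures + [ev],
                })
                break  # one alert per source is enough for triage
    return alerts


def run_use_case_test(lines=SAMPLE_LOGS, **rule_args):
    """Run the rule over the sample and return the record a tester would attach
    to the use case: the alerts raised and how many lines failed to map."""
    events = [normalize(line) for line in lines]
    unmapped = sum(1 for e in events if e is None)
    alerts = brute_force_then_success([e for e in events if e], **rule_args)
    return {"alerts": alerts, "unmapped_lines": unmapped}


if __name__ == "__main__":
    result = run_use_case_test()
    for a in result["alerts"]:
        print(f"ALERT {a['src_ip']} logged in as {a['success_user']} after failures against {a['targeted_users']}")
        for ev in a["evidence"]:
            print("  ", ev["raw"])
    print("unmapped lines:", result["unmapped_lines"])
```

With the defaults the attacker source fires once and the benign user does not; lowering `min_failures` to 2 makes the benign sequence fire as well, which is the kind of threshold tuning the test evidence should record alongside the positive case. The `unmapped_lines` count is the onboarding check: a non-zero value means a log source is arriving in a format the data model mapping does not cover, and the rule is silently blind to it.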
Additional Locations:
Brazil - São Paulo - São Paulo