Capgemini Engineering
Position: Cybersecurity Engineer (Signatures Rules Tuning)
Location: 3 days remote, 2 days onsite in Houston, TX
About the Role:
The Capgemini DECODE (Detection Engineering and Cyber Operations Data Enablement) team is seeking a motivated professional with the technical skills to analyze data sources, threat intelligence, and intrusion data for synthesis into new or existing detections and detection methodologies. The DECODE team focuses on creating and tuning detections for both SIEM and EDR platforms.
Is looking through data sets for anomalies your “thing”? When you read about the latest new tool, TTP, malware, or adversary activity, do you ask yourself, “how can this be detected and what would it look like in my logs, on my endpoint, or in my network tools”? Do you like to download the latest tools, or try out that new penetration testing technique in your lab just to see what telemetry it generates so you can create a detection? If you match this description, we want to hear from you. Candidates should be strong in either EDR or SIEM platforms; those with experience and knowledge in both areas will be given preference. Capgemini is seeking to add a critical team member to our Managed Detection and Response (MDR) Program.
Primary Responsibilities:
- Create signatures, rule sets, and content analysis definitions from various input for a variety of security detection capabilities
- Develop, tune, and maintain tools to automate analysis capabilities for host-based and log-based security event analysis
- Create meaningful dashboards, reports, and visualizations
- Tune and continuously improve correlation rules and signatures; work with stakeholders to achieve reasonable false positive and benign rates
- Manage project tasks, reporting, and customer meetings
- Document and maintain processes and procedures
Required Skills:
- 2-5+ years related work experience preferred
- Experience with one or more SIEM platforms
- Experience with one or more EDR platforms
- Strong analytical skills required
- Ability to review reports and system activity logs to identify critical events, prioritize, and escalate as appropriate
- Ability to make meaningful contributions to incident response and threat hunting activities
- Must have excellent written and verbal communication skills and ability to present information to senior management, technical, and non-technical staff
Strong understanding/knowledge of:
- Common Tactics Techniques and Procedures (TTPs)
- The current threat landscapes
- Endpoint detection and response (EDR) platforms
- Log management (SIEM) systems
- Incident response
- Threat intelligence
- Cyber security
- Information Technology
Bonus Points:
- Well-versed in the Lockheed Martin Cyber Kill Chain and MITRE ATT&CK methodologies
- DFIR knowledge or experience
- Dynamic malware analysis experience
- Network forensics experience
- Experience in Security Operations
- Good understanding of operating systems
- Experience in Version Control (VC) systems, such as git
- Experience with “Sigma” (generic signature format for SIEM systems)
- Experience with attack simulation in a lab environment
- Experience with one modern programming language
Keywords: Cybersecurity Detections Engineer Security Engineer Cybersecurity Detection Engineer Cyber Security Engineer Cyber Engineer Cyber Security Engineer SIEM Engineer EDR Engineer Platform Engineer
About Capgemini
A global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. It is a multicultural company of over 200,000 team members in more than 40 countries. The Group reported 2018 global revenues of EUR 13.2 billion.
Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.
This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship. Click the following link for more information on your rights as an Applicant. Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.