Detection Engineer

  • Type: Time and materials (régie)
  • Budget: Rate depending on profile
  • Duration (months): 6
  • Country: France
  • Remote: NO
  • Offers: 0
  • Average: Rate depending on profile

Published on 14 January 2025

Active

Mission description

1/ Context
The Cyber Defense Group is sourcing, on behalf of the Global Security Operations Center (SOC), a resource to extend the Global SOC Platform to Public Cloud security monitoring for AWS, Azure and Google logs and alerts.
The project is in its development phase, and reinforcement is needed to develop and build the Public Cloud Security use cases and response Playbooks, and to perform the end-to-end test plan, including user acceptance criteria and deployment to production.
Objectives
– Support the project delivery to extend the existing Global Security Platform (Azure Sentinel) to monitor Public Cloud logs and alerts
– Design and develop the detection rules and response Playbooks in alignment with the selected security use cases
2/ Service Main tasks
Working closely with the program team, the existing Cyber Defense team and the external partners, the Public Cloud Security service will lead and support the following tasks, following the Group's internal use case factory outlined below.
– Assess the existing Cloud use cases
– Document the use case specifications
– Build the required detection rules where needed
– Develop the response Playbooks needed to react to detected incidents
– Build and perform the end-to-end test plan and user acceptance
– Fine-tune and readjust the detection rules and Playbooks as needed
– Ensure a smooth user acceptance and production deployment
3/ Service Main Deliverables
– Build detection rules in alignment with the selected use cases for GCP and Red Hat OpenShift
– Build the appropriate response Playbook and Silva ticket to manage security incidents
– Build and perform a detailed test plan for the developed detection rules and response Playbooks
– Coordinate and manage the technical handover and user acceptance criteria to move to production / Business As Usual

Required technical skills

AWS, Security, SOC

Required functional skills

Operations support

About the client

Frédérique
14370 mission(s) published, 0 deal(s) won
FREELANCER BIDDING (0)

There are no offers.