About Help AG
Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and has been present in the Middle East since 2004. The company provides enterprise businesses and governments with strategic consultancy and tailored information security solutions, enabling them to evolve securely. Acquired by e& in 2020, Help AG remains a vendor-agnostic, trusted advisor in IT security, focusing on all aspects of cybersecurity while delivering unmatched value through best-in-class technologies and service delivery.
Responsibilities
- Implement and maintain detection capabilities across SIEM and EDR/XDR platforms.
- Evaluate existing EDR/SIEM content to determine what should be removed or updated to enhance fidelity.
- Utilize the MITRE ATT&CK framework and monitor the threat landscape to identify opportunities for new content development.
- Research and innovate mitigation, detection, and response capabilities based on industry trends and customer feedback.
- Support onboarding of new data sources by developing relevant EDR/SIEM content.
- Develop detection use cases and review them with relevant stakeholders.
- Maintain a content catalog mapped to the MITRE ATT&CK framework to improve the efficiency of deploying security stacks.
- Document and communicate detection capabilities and gaps, leveraging multiple industry frameworks.
- Design, develop, and monitor dashboards and reports for content coverage, alerting, and fidelity.
- Collaborate with technology staff to improve logging from various appliances and rectify misconfigurations.
- Serve as a primary responder for Managed Security customer systems, owning issues until resolution.
Qualifications & Skills
- Minimum 8 years of professional experience in threat content support and maintaining SPLUNK SIEM systems.
- Proficiency with SIEM tools and advanced tuning of SIEM content (preferably Splunk) for at least six years.
- Professional experience with network architecture.
- College degree or equivalent training with experience in a Security Operations Center or Managed Security.
- Knowledge of information security in areas such as EDR products (e.g., McAfee, Carbon Black).
- Hands-on experience with EDR, Vectra, and Microsoft Azure.
- Proficiency in big data engines such as Splunk or Azure Log analytics.
- Familiarity with MS Azure Information Protection and related technologies.
- Security certifications in Splunk Admin, Architect, or Consultant are mandatory; additional certifications in Azure, EDR, and firewalls are advantageous.
- Knowledge of Linux and Windows operating systems.
- Experience with various SIEM products (e.g., ArcSight, Nitro, LogRhythm) and security infrastructure components (proxies, firewalls, IDS/IPS, DLP).
- Client-facing experience within a service delivery function.
- Flexibility in work shifts, including potential after-hours support.
- Familiarity with internal and client ticketing and knowledge systems for incident and problem tracking.
Benefits
- Health insurance with a leading global provider.
- Career progression and growth opportunities through challenging projects.
- Employee engagement and wellness activities throughout the year.
- Excellent learning and development opportunities.
- Inclusive and diverse working environment.
- Flexible/Hybrid working arrangements.
- Annual flight tickets to the home country.
- Open-door policy.
