Use Case Management Team Lead
UST Global Inc
CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.
CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.
We are looking for a UCM Team Lead with expertise in Azure Sentinel to join our Use Case Management team and become a member of our global Security Operations Team.
Main Tasks and Accountabilities
The position offers a versatile mix of responsibilities, blending technical proficiency with team management and customer relations.
- Understand customer requirements and recommend best practices for Sentinel solutions.
- Offer consultative advice on security principles and best practices for Sentinel operations.
- Develop new Sentinel use cases, analytics rules, correlations and dashboards to meet customer needs.
- Design and document Sentinel architectures that meet customer needs.
- Assist customers with Sentinel sizing and architecture, and take part in client technical meetings.
- Provide technical guidance to clients on configuring the in-scope log sources so that their logs are forwarded to Sentinel.
- Ensure all use cases and playbooks are well documented, including detailed descriptions, workflow diagrams and the relevant technical configurations.
- Verify the data ingested from log sources into Sentinel.
- Manage and mentor a team of security engineers focused on creating and optimizing detection rules, use cases and playbooks within Azure Sentinel.
- Ensure the team adheres to established timelines and delivery expectations for detection use case and playbook development.
What do we expect from you?
- A minimum of 2 to 3 years of experience with the Azure Sentinel SIEM platform.
- At least 5 years of experience in detection engineering or cybersecurity research.
- Experience managing technical teams is essential.
- Strong hands-on experience writing Sentinel use cases in KQL.
- A SIEM vendor administrator certification is preferred.
- Familiarity with different attack vectors and the corresponding means of protection.
- Knowledge of common attack frameworks such as MITRE ATT&CK, of TTPs, and of how they are mapped to detection rules.
- Familiarity with security monitoring, incident detection and incident response best practices.
- Strong analytical and problem-solving skills.
- Strong communication and collaboration skills, with the ability to work effectively in a team environment.
- Ability to work independently; a self-motivated self-starter.
- University degree in information security or equivalent work experience.
- Relevant certification (e.g., GIAC GSOC, GCFA, CISSP) is an advantage.