The CyberDefence Automation and Detection Engineering team supports Shell’s CyberDefence team by developing and implementing automated detection capabilities that capture Indicators of Compromise (IOC) and allow swift action on Events of Interest. Based on input from the Threat and Incident teams, this team develops the necessary correlation and reporting capabilities and automates incident detection in order to reduce false positives. Key tools and services in use are Phantom (for the automation of enrichment and response actions), Splunk (for monitoring and detection use cases, reports and dashboards), CrowdStrike and similar tools (for the development of additional detection logic), and other tools as appropriate.
•Translate IOC use case requests into optimized technical implementations, and translate behavioral analytics use case requests into algorithms to be deployed in CyberDefence technologies.
•Work with the wider CyberDefence team to understand requirements for automation capabilities and detection logic, and be able to work with the CyberDefence LT to prioritize work effort.
•Be the quality gatekeeper for all new scripts, use cases and playbooks, with a focus on minimizing false positives and rework.
•Support and develop other members of the extended CyberDefence team by sharing experience and best practices in a continuous learning environment.
•Develop automation and robotics requirements into effective and secure code and scripts that enrich or automate critical and repetitive activities for the CyberDefence teams, focused on CyberDefence Monitoring and Incident Management.