Telco SIEM Content Development Specialist
Role Purpose:
We are seeking a skilled Telecoms SIEM Content Developer to join our team and play a pivotal role in enhancing the security of our telecoms infrastructure. This role involves creating, managing, and maintaining SIEM content specific to telecoms devices and networks to detect and respond to security threats effectively.
Cyber Defence Operations (CDO) is Vodafone Group’s Cyber Defence Operations Centre of Excellence.
CDO’s mission is to protect Vodafone customers against global cyber risk. CDO is specifically accountable for delivering:
• Cyber Defence operational leadership across Vodafone.
• Cyber Defence operational capabilities to Vodafone Group, the Local Market Operating Companies, and Partner Markets to enhance Vodafone’s global cyber defence posture and reduce its cyber risk.
The Telecoms SIEM Content Development Specialist works in the Cyber Security Operations Team. This role is at the heart of the CDO team, and a Telecoms SIEM Content Development Specialist can expect to be involved concurrently in a number of the following areas:
• Content Development – Create, customize, and maintain SIEM rules, alerts, and correlation policies tailored to telecoms devices and network elements, ensuring timely threat detection and response.
• Threat Analysis – Analyse security event data to identify potential security incidents and vulnerabilities specific to the telecoms environment.
• Security Analytics – Takes part in security event analysis activity to defeat cyber threats.
• Log Integration – Assist in the configuration of log sources for telecoms devices and network components, ensuring comprehensive data collection for analysis.
• Documentation – Maintain clear and up-to-date documentation of SIEM content, configurations, and telecoms-specific threat intelligence.
• Compliance – Ensure that SIEM content aligns with regulatory and industry compliance standards relevant to telecoms.
• Continuous Improvement – Stay up-to-date with emerging threats, trends, and technologies in the telecoms security landscape and incorporate best practices into SIEM content.
• Security Reporting and Advisories – Takes part in, and may lead, the delivery of cyber security reports and advisories to all key stakeholders.
• Residual Risk Assessment – Takes part in the delivery of ‘operational and technical’ lessons learnt from post-incident analysis and reporting.
The Telecoms SIEM Content Development Specialist will be expected to operate with minimal supervision and to be able to make quick independent decisions. This role requires the ability to build strong relationships across the Vodafone security community.
What you’ll do
• Content Development – Create, customize, and maintain SIEM rules, alerts, and correlation policies tailored to telecoms devices and network elements, ensuring timely threat detection and response.
• Threat Response – Takes part in, and may lead, a Threat Action Group to defeat cyber threats.
• Security Reporting and Advisories – Takes part in, and may lead, the delivery of cyber security reports and advisories to all key stakeholders.
• Residual Risk Assessment – Takes part in, and may lead, the delivery of ‘operational and technical’ lessons learnt from post-incident analysis and reporting.
• Collaboration – Works with data owners and customers to understand data sources and use cases, and translates requirements into actionable content.
Who you are
Able to demonstrate experience of:
• 3 years minimum experience in security threat and vulnerability management technologies / security professional services.
• 3 years minimum experience in SIEM content development and refinement.
• Deep understanding of telecoms equipment, protocols, and network architecture to develop accurate and effective SIEM content.
• Deep knowledge of telecoms protocols and equipment (e.g., routers, switches, VoIP systems, IoT, NAS).
• Deep knowledge of security threat and vulnerability management technologies best practice/continuous improvement (from both a technology and operational process perspective) that will improve Cyber Defence Operations' overall detection and response capabilities.
• Strong analytical and communication skills. Builds on and continuously improves the SOC analytics framework.
• In-depth and extensive hands-on experience in security event analytics and SIEM content development - refines SIEM content and delivers efficiencies within the CSOC SIEM and all other technologies used within the team.
• Deep knowledge of cyber risk analysis and management, including security reporting frameworks.
• Deep knowledge of networking protocols and addressing schemes, i.e., TCP/IP functions, CIDR blocks, subnets, addressing, communications, etc.
• Deep knowledge of typical security devices such as firewalls, intrusion detection systems, AV systems, anti-spam systems, event correlation devices, log file analysers, etc.
• Understanding of cloud and IoT security in telecoms.
• Knowledge of cloud platforms including, but not limited to, Google Cloud, AWS, Oracle, Azure, O365.
• Knowledge of Security Architecture and Design area with modern and APT technologies.
What's in it for you
Discretionary yearly bonus: 10%
Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
Charity days: 5 days/year
Maternity leave: 52 weeks out of which 39 weeks are fully paid + 13 weeks half pay and 6 months - working 4 days, getting paid 5
Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%.
Access to: private medical, private dental, free health assessments, share save scheme
Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan
Who we are
You may have already heard of Vodafone: we're a leading telecommunications company in Europe and Africa. But what you might not know is that we are continuously investing in new technologies to improve the lives of millions of customers, businesses and people around the world, creating a better future for everyone.
As part of our global family, whether that's Vodafone, Vodacom or _VOIS, you'll feel a sense of pride and purpose as you contribute to our culture of innovation. We pursue equality of opportunity and inclusion for all candidates through our employment policies and practices. We recognise and celebrate the importance of diversity and inclusivity in our workspace, and we do not tolerate any form of discrimination, especially related to, but not limited to, race, colour, age, veteran status, gender identification, sexual orientation, pregnancy, ethnicity, disability, religion, political affiliation, trade union membership, nationality, indigenous status, medical condition, HIV status, social origin, cultural background, social, or marital status.
Together we can.