Telco SIEM Content Development Specialist

Aggregate function: Technology
Business Area: GT Global Cyber Security
Posting Country: United Kingdom
Date Posted: 18 Oct 2024
Full Time / Part Time: Full Time
Contract Type: Permanent

At Vodafone, we’re working hard to build a better future. A more connected, inclusive and sustainable world. As a dynamic global community, it's our human spirit, together with technology, that empowers us to achieve this. 

We challenge and innovate in order to connect people, businesses, and communities across the world. Delighting our customers and earning their loyalty drive us, and we experiment, learn fast and get it done, together.

With us, you can truly be yourself and belong, share inspiration, embrace new opportunities, thrive, and make a real difference.

Role Purpose: 

 

We are seeking a skilled Telecoms SIEM Content Developer to join our team and play a pivotal role in enhancing the security of our telecoms infrastructure. This role involves creating, managing, and maintaining SIEM content specific to telecoms devices and networks to detect and respond to security threats effectively.

 

Cyber Defence Operations (CDO) is Vodafone Group’s Cyber Defence Operations Centre of Excellence.  

 

CDO’s mission is to protect Vodafone customers against global cyber risk.  CDO is specifically accountable for delivering:

•    Cyber Defence operational leadership across Vodafone.

•    Cyber Defence operational capabilities to Vodafone Group, the Local Market Operating Companies, and Partner Markets to enhance Vodafone’s global cyber defence posture and reduce its cyber risk.

The Telecoms SIEM Content Development Specialist works in the Cyber Security Operations Team. This role is at the heart of the CDO team, and a Telecoms SIEM Content Development Specialist can expect to be involved concurrently in a number of the following areas:

•    Content Development – Create, customize, and maintain SIEM rules, alerts, and correlation policies tailored to telecoms devices and network elements, ensuring timely threat detection and response.
•    Threat Analysis – Analyse security event data to identify potential security incidents and vulnerabilities specific to the telecoms environment.

•    Security Analytics – Take part in security event analysis activity to defeat cyber threats.

•    Log Integration – Assist in the configuration of log sources for telecoms devices and network components, ensuring comprehensive data collection for analysis.

•    Documentation – Maintain clear and up-to-date documentation of SIEM content, configurations, and telecoms-specific threat intelligence.

•    Compliance – Ensure that SIEM content aligns with regulatory and industry compliance standards relevant to telecoms.

•    Continuous Improvement – Stay up-to-date with emerging threats, trends, and technologies in the telecoms security landscape and incorporate best practices into SIEM content.

•    Security Reporting and Advisories – takes part in, and may lead, the delivery of cyber security reports and advisories to all key stakeholders.

•    Residual Risk Assessment – takes part in the delivery of ‘operational and technical’ lessons learnt post incident analysis and reporting.


The Telecoms SIEM Content Development Specialist will be expected to operate with minimal supervision and to be able to make quick independent decisions. This role requires the ability to build strong relationships across the Vodafone security community.
 

What you’ll do


•    Content Development – Create, customize, and maintain SIEM rules, alerts, and correlation policies tailored to telecoms devices and network elements, ensuring timely threat detection and response.

•    Threat Response – takes part in, and may lead, a Threat Action Group to defeat cyber threats.  

•    Security Reporting and Advisories – takes part in, and may lead, the delivery of cyber security reports and advisories to all key stakeholders.

•    Residual Risk Assessment – takes part in, and may lead, the delivery of ‘operational and technical’ lessons learnt post incident analysis and reporting.

•    Collaborating with data owners and customers on understanding data sources and use cases, and successfully translating requirements to actionable content.
 

Who you are


Able to demonstrate experience of:

•    3 years minimum experience in security threat and vulnerability management technologies / security professional services.

•    3 years minimum experience in SIEM content development and refinement.

•    Demonstrate deep understanding of telecoms equipment, protocols, and network architecture to develop accurate and effective SIEM content.

•    Deep knowledge of telecoms protocols and equipment (e.g., routers, switches, VoIP systems, IoT, NAS).

•    Deep knowledge of security threat and vulnerability management technologies best practice/continuous improvement (from both a technology and operational process perspective) that will improve Cyber Defence Operations overall detection and response capabilities.

•    Strong analytical and communication skills. Builds on and continuously improves the SOC analytics framework.

•    In-depth and extensive hands-on experience in security event analytics and SIEM content development: refines SIEM content and delivers efficiencies within the CSOC SIEM and all other technologies used within the team.

•    Deep knowledge of cyber risk analysis and management, including security reporting frameworks.

•    Deep knowledge of networking protocols and addressing schemes, i.e., TCP/IP functions, CIDR blocks, subnets, addressing, communications, etc.

•    Deep knowledge of typical security devices such as firewalls, intrusion detection systems, AV systems, anti-spam systems, event correlation devices, log file analysers, etc.

•    Understanding of cloud and IoT security in telecoms.

•    Knowledge of cloud platforms including, but not limited to, Google Cloud, AWS, Oracle, Azure, O365.

•    Knowledge of the Security Architecture and Design area, with modern and APT technologies.

What's in it for you

Discretionary yearly bonus: 10%
Annual leave: 28 days + bank holidays + the opportunity to buy/sell/carry over 5 days/year
Charity days: 5 days/year
Maternity leave: 52 weeks, of which 39 weeks are fully paid + 13 weeks at half pay, and 6 months working 4 days while getting paid for 5
Private pension: You can contribute up to 5% of your basic pay with 2:1 matching from Vodafone up to 10%.
Access to: private medical, private dental, free health assessments, share save scheme
Additional discounts: Vodafone retail, gym, cinema, cycle to work, season ticket loan

Who we are

You may have already heard of Vodafone: we're a leading telecommunications company in Europe and Africa. But what you might not know is that we are continuously investing in new technologies to improve the lives of millions of customers, businesses and people around the world, creating a better future for everyone.

As part of our global family, whether that's Vodafone, Vodacom or _VOIS, you'll feel a sense of pride and purpose as you contribute to our culture of innovation. We pursue equality of opportunity and inclusion for all candidates through our employment policies and practices. We recognise and celebrate the importance of diversity and inclusivity in our workspace and we do not tolerate any form of discrimination especially related to but not limited to race, colour, age, veteran status, gender identification, sexual orientation, pregnancy, ethnicity, disability, religion, political affiliation, trade union membership, nationality, indigenous status, medical condition, HIV status, social origin, cultural background, social, or marital status.

Together we can.

 


Vodafone is committed to attracting, developing and retaining the very best people by offering a motivating and inclusive workplace in which talent is truly recognised and rewarded. We are committed to promoting Inclusion for All with the belief that diversity plays an important role in the success of our business. We actively encourage everyone to consider becoming a part of our journey.