Design, develop, and deploy high‑fidelity detection rules in SIEM (Splunk, Microsoft Sentinel, Devo, QRadar, EDR, etc.).
Create custom use cases to detect MITRE TTPs aligned with real‑world threats and red team activities.
Conduct detection gap analysis, tune alerting mechanisms, and eliminate false positives at the MSS customer environment.
Perform regular fine‑tuning and optimization of detection rules, correlation logic, and alert thresholds across SIEM, EDR, and other security platforms to enhance detection accuracy and reduce false positives.
Continuously assess detection efficacy based on incident feedback and threat landscape evolution, implementing improvements accordingly.
Collaborate with red/purple teams to validate detection logic and build threat‑informed defenses.
Regularly review, update, and enhance detection logic to ensure alignment with the latest threat intelligen...