Internship

Automatic Detection Engineering / Rule Development

In this internship assignment, you will be tasked with automating various aspects of detection engineering and rule development to make the process more efficient and scalable across all customers. This internship will provide you with hands-on experience in the field of cybersecurity, with a focus on leveraging automation, scripting, and programming skills to enhance security operations.

Key Objectives:

  • Automate steps involved in the development of security detection rules, making it easier to create rules that apply to multiple customers.
  • Develop and execute queries that can scan and monitor all customers' data for potential security threats.
  • Implement a system for tracking and managing exclusions within the security detection process.
  • Gain a fundamental understanding of security concepts and apply this knowledge to automate security operations.

 

Tasks and Responsibilities:

During your internship, you will be expected to:

  • Collaborate with the security team to understand the detection engineering and rule development processes currently in place.
  • Develop scripts that can make API calls to security tools and systems, retrieve data, and perform automated actions.
  • Create and launch queries that can analyze data across all customers' environments to simplify threat hunting and rule development.
  • Implement a system for tracking and managing exclusions, ensuring that legitimate security events are not overlooked.

 

Skills/Knowledge Required:

  • Basic knowledge of security concepts, including threats, vulnerabilities, and incident response.
  • Proficiency in scripting languages such as PowerShell and Python.
  • Familiarity with APIs and the ability to programmatically interact with backend systems and security tools.
  • Problem-solving skills and the ability to design and implement efficient automation solutions.

 

Outcome and Deliverables:

  • Documentation of automated processes and scripts developed during the internship.
  • Implemented queries and detection rules that can scan and monitor customers' data.
  • A system or tool for tracking and managing exclusions within the security detection process.
  • A final presentation summarizing your work and recommendations for further automation in security operations.

 

 
