Geneva
Internship: SIEM Engineer
- 27 March 2026
- 100%
- Geneva
Job summary
Join our dynamic team in implementing Detection-as-Code solutions! Enjoy a collaborative environment with innovative projects.
Tasks
- Automate the deployment of Sigma-based detection rules.
- Develop a custom linter for rule formatting and quality.
- Create a library of standard detection rules for common threats.
Skills
- Master's student in Computer Science or Cybersecurity preferred.
- Practical knowledge of GitLab and SIEM solutions like Splunk.
- Proficiency in scripting (Shell, Python) and version control.
About the job
Description
- Detection-as-Code: You will implement an automated pipeline leveraging GitLab, Splunk, Sentinel, and Sigma to streamline the creation, validation, and deployment of detection rules.
- Rule Linter: Develop a custom linter to ensure detection rules follow the correct rule format and adhere to best practices.
- Basic Detection Rules: Create and maintain a library of standard detection rules for common threats, enabling faster and more consistent threat detection across environments.
Objectives
- Automate Detection Rule Deployment: Design and configure a pipeline that automatically validates, packages, and deploys Sigma-based detection rules to Splunk and Sentinel.
- Ensure Rule Quality: Develop a linter that checks syntax, formatting, and potential rule conflicts, promoting reliability and consistency of detection rules.
- Enhance Security Posture: Provide a solid baseline of detection rules to mitigate common threats, and document best practices to facilitate knowledge sharing within the team.
Our offer
› A dynamic, collaborative work environment with a highly motivated, multicultural team spread across international sites
› The chance to make a difference in people's lives by building innovative solutions
› Various internal coding events (Hackathon, Brownbags), see our technical blog
› Monthly after-work events organized at each location
Skills required
- Final-year student (Master’s level) in Computer Science, Software Engineering, Cybersecurity, or a related field.
- Practical knowledge of GitLab (CI/CD pipelines) and experience with log management or SIEM solutions (Splunk, Sentinel, etc.).
- Familiarity with Sigma rules or similar threat detection frameworks.
- Proficiency in scripting (e.g., Shell, Python) and version control (Git).
- Strong problem-solving skills, autonomy, and a willingness to learn in a fast-paced environment.
About the company
Geneva