Identify, build and finetune use cases for new detection abilities that can help SOC team to reduce MTTD of threats.
Support platform improvements by identifying system issues/bugs, features, or improvements to improve quality of detections and capability of platform.
Analyze Customer threat intelligence reports (if available) for building new detection rules.
Incorporate feedback for new detection use case and finetuning.
Support in Use case simulation and validation before introducing to Production where applicable.
Documentation around the detection content developed.
Tools: ELK
