Configure and administer the SIEM to support the needs of SOC
Responsible for maintaining the health of the SIEM tool and ensuring agreed uptime of the respective platform
Perform regular patching and version upgrades on the SIEM platform
Configure respective parsers, forwarders (engage principal vendors if needed) to integrate various log sources with SIEM platform for log monitoring
Research, build, and maintain detection capabilities for the latest threats across SIEM, log analytic, and security tool platforms
Ensure real time data and Configuration replication between Primary and DR sites.
Integrate data feeds (logs) into SIEM/Splunk from on-premises and cloud deployed devices and applications
Explore leading cybersecurity products. Work with 3rd party security consultants and service providers to ensure all security aspects are covered. Operate security solutions such as SIEM, PAM, EDR, IDS/IPS and Web Application Firewall while ensuring compliance to regulatory standards and procedures
Security Automation: Automating processes using well-known frameworks such as PowerShell, Python, Bash, etc. As well as SOAR build out. (look like using AWS lambda to integration (CloudFront/WAF/ALB) and automating your work)
Continuous Monitoring: Management AWS Guard duty and intrusion detection, User Behavior, and other security monitoring
Support the SOC Analysts in the use of the toolset and with investigations to establish the facts surrounding potential suspicious activities and to understand the impact and possible risks associated
Creation, amendment, tuning and supporting the engineering of advanced or complex protective monitoring use cases
Provide security consultancy to other internal teams for matters relating to the SIEM.
Troubleshooting complex issues that may occur within the SIEM and resolving them with the help of vendor support
Advise clients of security standards, best practice and solutions relating to SIEM and SOC solutions
Requirements
Advanced knowledge and experience of Cyber Security and evidence of working as a SIEM Engineer with previous experience of the software, including architectural design, configuring, operating and problem-solving activities.
A good understanding of implementing use cases and operational models or specific security solutions to meet the customer\xe2\x80\x99s requirement and understand how SIEM solution
Hands-on experience in a two or more of the key security domains such as: security operations (SIEM, EDR, vulnerability management), Cloud security, Data security, Identity and access management, and secure software development lifecycle
Knowledge of networking and AWS/Azure Cloud Security practices and tools.
SIEM related certifications for Administration, implementation, deployment, architecture
Beware of fraud agents! do not pay money to get a job
MNCJobz.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.