Job Openings
Security Information & Event Management (SIEM) Platform Operations
About the job Security Information & Event Management (SIEM) Platform Operations
Summary:
- As a Security Engineer, you will be responsible for designing, building, and protecting enterprise systems, applications, data, assets, and people. Your typical day will involve applying security skills to safeguard information, infrastructures, applications, and business processes against cyber threats using Security Information & Event Management (SIEM) Platform Operations.
Roles & Responsibilities:
- Lead the implementation and maintenance of SIEM platforms to able to detect and respond to security incidents
- Collaborate with cross-functional teams to develop and implement security usecases, playbooks, and integrations
- Stay updated with the latest advancements in security technologies and best practices to ensure the security of enterprise systems and data
- Create/Modify SIEM/SOAR usecases, playbooks, dashboards and parsers
- Lead SIEM/SOAR build/implementation activities
- Provide recommendations and optimizations on SIEM and SOAR technologies to drive efficiencies and increase output
Professional & Technical Skills:
- Experience in Security Response and Monitoring Implemented any SIEM solutions;
- Hands on experience in port scan and vulnerability scanning techniques;
- Strong ArcSight ESM and Splunk skills from end tend understanding of the technology;
- Strong understanding of Security orchestration, automation and response technology;
- Implemented multiple SOAR playbooks/projects;
- Strong understanding of Correlation, Normalization, Parsing, and syslog formats and events in general;
- Strong understanding of SIEM and the required infrastructure;
- Strong understanding of SIEM concepts and best practices;
- Should have architect level knowledge in Information Security domain;
- Should have design, build or consulting experience on any of the leading SMR tools;
- Knowledge on different standards and frameworks CIS, COBIT, IS17799 27001, NIST SP800-53, ITIL v2, HIPAA, FFIEC, NERC-CIP, PCI-DSS, CIS, OWASP Windows administration skills
- Application servers, web services, remote access, file print services, server virtualization
- Active Directory Performance monitoring, logs alerts Network fundamentals
- Knowledgeable in Infrastructures such as VPN, LAN, WAN, wireless network, network topologies, and access methods
- Knowledgeable in Hardware such as switches, routers, media types
- Protocols and services such as OSI model, IPv4, IPv6, name resolutions, networking services, TCP/IP
- Knowledgeable in User authentication, permissions, password policies, audit policies, encryption, cryptography
- Knowledgeable in Physical security, internet security, wireless security, and core security principles
- Strong understanding to security monitoring tools and technologies Splunk, SIEM, IBM QRadar, Demisto, Splunk Phantom, Azure Sentinel
Additional Information:
- The ideal candidate will possess a strong educational background in computer science, information technology, or a related field, along with a proven track record of delivering impactful security solutions