This role will primarily set up, maintain, and enhance various SIEMs.
- Configure and administer the SIEM to support the needs of the SOC.
- Responsible for maintaining the health of the SIEM tool and ensuring agreed uptime of the respective platform.
- Perform regular patching and version upgrades on the SIEM platform.
- Configure the respective parsers and forwarders (engaging principal vendors if needed) to integrate various log sources with the SIEM platform for log monitoring.
- Research, build, and maintain detection capabilities for the latest threats across SIEM, log analytics, and security tool platforms.
- Ensure real-time data and configuration replication between the primary and DR sites.
- Integrate data feeds (logs) into SIEM/Splunk from on-premises and cloud deployed devices and applications.
- Explore leading cybersecurity products. Work with third-party security consultants and service providers to ensure all security aspects are covered. Operate security solutions such as SIEM, PAM, EDR, IDS/IPS and Web Application Firewall while ensuring compliance with regulatory standards and procedures.
- Security automation: automate processes using well-known scripting languages such as PowerShell, Python and Bash, and build out SOAR capabilities (for example, using AWS Lambda to integrate CloudFront, WAF and ALB and to automate your own work).
- Continuous monitoring: manage AWS GuardDuty, intrusion detection, user behavior monitoring, and other security monitoring.
- Support the SOC analysts in the use of the toolset and with investigations to establish the facts surrounding potentially suspicious activity and to understand the associated impact and possible risks.
- Creation, amendment, tuning and supporting the engineering of advanced or complex protective monitoring use cases.
- Provide security consultancy to other internal teams for matters relating to the SIEM.
- Troubleshoot complex issues that may occur within the SIEM and resolve them with the help of vendor support.
- Advise clients of security standards, best practice and solutions relating to SIEM and SOC solutions.
Requirements
- Advanced knowledge and experience of Cyber Security and evidence of working as a SIEM Engineer with previous experience of the software, including architectural design, configuring, operating and problem-solving activities.
- A good understanding of implementing use cases and operational models or specific security solutions to meet the customer's requirement and understand how SIEM solution
- Hands-on experience in two or more of the key security domains, such as security operations (SIEM, EDR, vulnerability management), cloud security, data security, identity and access management, and the secure software development lifecycle.
- Knowledge of networking and AWS/Azure Cloud Security practices and tools.
- SIEM-related certifications in administration, implementation, deployment, or architecture.