Location : Delhi, NCR.
Educational Background :
Bachelor's degree (or equivalent) preferred in Computer Science, Information Systems or related fields
Certifications :
Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP) and SANS GIAC.
Experience :
1 year's experience working in IT/InfoSec engineering and operations
Primary Duties :
The Cybersecurity SIEM Administrator will be responsible for administering the deployed SIEM service. This role is also responsible for identifying and analyzing requirements, developing new content or use cases, and tuning and refining existing ones.
Technical Skills Required :
- BE/B.Tech/MCA with a minimum of 6-10+ years of experience in the field of IT Security
- CISSP, CISA and/or GCIA (GIAC Certified Intrusion Analyst)
- Architecture design experience and certifications with one or more SIEM/security solutions (e.g. Splunk ES, Elastic ELK, HP ArcSight, IBM QRadar, LogRhythm)
- Strong problem solving and troubleshooting skills including the ability to perform root cause analysis for preventative investigation
- Familiarity with security analysis of critical system logs and network protocols such as network flow data and full packet capture technologies
- Strong written and verbal communication, as well as organizational and documentation skills
- Self-motivated and possessing a high sense of urgency and integrity
- Demonstrates the ability to adapt to ever-changing schedules and work assignments, including willingness to travel and work extended hours
- In-depth knowledge of technical approaches in security analytics, monitoring and alerting
- Maintains technical knowledge within areas of expertise
Key Responsibilities :
- Administration of the SIEM environment (e.g. deployment of the solution, user management, license management, upgrades and patch deployment, addition or deletion of log sources, configuration management, change management, report management, backup and recovery, etc.)
- Construction of SIEM content required to produce Content Outputs (e.g., filters, active lists, correlation rules, reports, report templates, queries, trends, variables)
- Integration of customized threat intelligence content feeds provided by the Threat Intelligence & Analytics service
- Assist during UAT of Content Items against performance criteria defined in the High-Level Use Case (HLUC) documentation.
- Perform modification of Content Items, including tuning of threshold and alert logic, so they meet requirements defined in the HLUC or for performance, functionality, or usability enhancements on Covered Systems
- Identifies possible sensor improvements to prevent incidents
- Collects/updates threat intelligence feeds from various sources
- Creates situational awareness briefings
- Coordinates with the client for incident analysis, containment and remediation
- Liaises with the Security Monitoring team to discover repeatable processes that lead to new content development
- Provides engineering analysis and architectural design of technical solutions
- Knowledge of networking protocols and technologies and network security
- Knowledge and experience with End-Point Security, SIEM, DLP, IRM, vulnerability assessment and patch management solutions
- Understanding of risk and vulnerability mitigation
- Participates in CAB reviews and acts as technical SME in CSIRT meetings
- Delivers team mentoring to enhance the skill level of L1 and L2 colleagues and foster a culture of information exchange within the team
Other Skills :
- Good communication, coordination and interaction skills
- Vendor Management and escalation handling with Vendors
- Project Management & Governance