Location : Noida
Experience :
1 to 2 years developing and implementing data analytics methodologies, with good interpersonal and excellent communication skills
Technical Skills Required :
- BE/B.Tech/MCA with a minimum of 6-10+ years of experience in the field of IT Security
- CISSP, CISA and/or GCIA (GIAC Certified Intrusion Analyst)
- Architecture design experience and certifications with one or more SIEM/security solutions (e.g. Splunk ES, Elastic ELK, HP ArcSight, IBM QRadar, LogRhythm)
- Strong problem solving and troubleshooting skills including the ability to perform root cause analysis for preventative investigation
- Familiarity with security analysis of critical system logs and network protocols such as network flow data and full packet capture technologies
- Strong written and verbal communication, as well as organizational and documentation skills; self-motivated and possessing a high sense of urgency and integrity
- Demonstrates the ability to adapt to ever-changing schedules and work assignments, including willingness to travel and work extended hours
- In-depth knowledge of technical approaches in security analytics, monitoring and alerting; maintains technical knowledge within areas of expertise
Key Responsibilities :
- Administration of the SIEM environment (e.g., deployment of the solution, user management, managing licenses, upgrades and patch deployment, addition or deletion of log sources, configuration management, change management, report management, backup and recovery, etc.)
- Construction of SIEM content required to produce Content Outputs (e.g., filters, active lists, correlation rules, reports, report templates, queries, trends, variables)
- Integration of customized threat intelligence content feeds provided by the Threat Intelligence & Analytics service
- Assist during UAT of Content Items against performance criteria defined in the High-Level Use Case (HLUC) documentation.
- Perform modification of Content Items, including tuning of threshold and alert logic, so they meet requirements defined in the HLUC or for performance, functionality, or usability enhancements on Covered Systems.
- Identifies possible sensor improvements to prevent incidents
- Collects/updates threat intelligence feeds from various sources
- Creates situational awareness briefings
- Coordinates with the client for incident analysis, containment and remediation
- Liaises with the Security Monitoring team to discover repeatable processes that lead to new content development
- Demonstrated ability to innovate new solutions and processes; incorporating new technologies when warranted
- Provides engineering analysis and architectural design of technical solutions
- Knowledge of networking protocols and technologies and network security
- Knowledge and experience with End-Point Security, SIEM, DLP, IRM, vulnerability assessment and patch management solutions
- Understanding of risk and vulnerability mitigation
- Participates in CAB reviews and acts as a technical SME in CSIRT meetings
- Delivers Team mentoring responsibilities to enhance skill level of L1 and L2 colleagues and foster a culture of information exchange within the team
Other Skills :
- Good communication, coordination and interaction skills
- Vendor Management and escalation handling with Vendors
- Project Management & Governance
- Self-motivated and possessing a high sense of urgency and integrity