Expoint - all jobs in one place


EY TC-CS-Cyber Detection Response-SIEM OT-Senior
India, Karnataka, Bengaluru
707593583

Yesterday

Key Capabilities:

  • Design and develop impactful SIEM use cases tailored to OT environments.
  • Onboard data into SIEM from various sources, including custom parsers for unsupported sources.
    • Verify log-source data in the SIEM, following the Common Information Model (CIM)
    • Experience in parsing and masking of data prior to ingestion in SIEM
    • Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
    • Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
    • Assist client with technical guidance to configure end log sources (in-scope) to be integrated to the SIEM
  • Create advanced visualizations and dashboards to provide near real-time visibility into OT applications.
  • Provide operational support for globally deployed OT network monitoring solutions like Nozomi, Claroty, and Armis.
  • Good knowledge of programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
  • Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
    • Understand customer requirements and recommend best practices for SIEM solutions.
    • Offer consultative advice in security principles and best practices related to SIEM operations
    • Design and document a SIEM solution to meet the customer needs
  • Expertise in SIEM content development, including developing processes for automated security event monitoring and alerting, along with corresponding event response plans for systems
    • Experience in creating use cases mapped to the Cyber Kill Chain and the MITRE ATT&CK framework
    • Sound knowledge of alert and report configuration.
    • Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
    • Work with the client SPOC on correlation rule tuning (as per the use case management life cycle), incident classification and prioritization recommendations

Qualification & Experience:

  • At least 8 years of overall experience in cybersecurity with a minimum of 4 years in OT/IoT Security solutions.
  • Strong knowledge of IT/OT/IoT communication protocols and experience supporting industrial protocols
  • Strong oral, written and listening skills are essential to effective consulting.
  • Strong background in network administration. Ability to work at all layers of the OSI model, including being able to explain communication at any layer, is necessary.
  • Must have knowledge of Vulnerability Management, Windows and Linux basics including installations, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting.
  • Good to have experience with the design and implementation of Splunk, with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management
    • Multiple cluster deployments & management experience as per Vendor guidelines and industry best practices
    • Troubleshoot Splunk platform and application issues, escalate issues and work with Splunk support to resolve them
  • Certification in any one SIEM solution, such as Splunk, IBM QRadar, Exabeam or Securonix, will be an added advantage
  • Certifications in a core security related discipline will be an added advantage.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.