Your Role and Responsibilities: SIEM (Sentinel) Admin
How we’ll help you grow:
You’ll have access to all the technical and management training courses you need to become the expert you want to be
You’ll learn directly from expert developers in the field; our team leads love to mentor
You have the opportunity to work in many different areas to figure out what really excites you
Required Technical and Professional Expertise
Proficient with Azure Sentinel (now Microsoft Sentinel), focusing primarily on its SIEM (security information and event management) capabilities for monitoring and on XDR (Extended Detection and Response) for incident response actions
Knowledge of Security Operations Center (SOC) operations
Must-have technology experience: Azure Sentinel, Sentinel SOAR (automation rules and playbooks built on Azure Logic Apps), KQL queries
Sound development background in JavaScript, C#, KQL or SQL
Knowledge of log management and of the logs generated by the applications and appliances in an IT infrastructure, as used for SIEM event correlation
Ability to define SIEM use cases (detection rules) tailored to the IT environment to improve detection of anomalies
Strong understanding of SOC KPIs; ability to establish SOC performance goals and priorities
Manages security teams, monitors threats, implements security policies, and collaborates with other departments to ensure a comprehensive security posture
Understanding of cybersecurity frameworks such as the NIST Cybersecurity Framework and MITRE ATT&CK (adversary tactics and techniques across the attack lifecycle)
Manage communications and escalations, including taking corrective action for remediation
Excellent written and verbal communication skills
Knowledge of SOC automation
Knowledge of handling and using threat intelligence feeds for threat detection purposes
Critical incident lifecycle management and reporting; operations management, stakeholder management and vendor management
IT security certifications such as CISSP or CISM
Preferred Technical and Professional Expertise
Design, build, test and deploy Sentinel SIEM and security architectures
Experience with Security Information and Event Management (SIEM) tools – mainly Sentinel and QRadar
Preferred certifications: AZ-900 (Azure Fundamentals), SC-200 (Security Operations Analyst) or AZ-500 (Azure Security Engineer), and any other relevant vendor-specific SIEM certifications
At least 3 years of professional experience with IT security products and services, ideally including Sentinel SIEM
Understanding of the technical aspects of information security
Participate in connecting Sentinel (via its data connectors) to sources of security events, e.g. logs from servers, network and security devices, the vulnerability management system and the antivirus system
Serve as a deeply skilled and knowledgeable resource in the SIEM and SOAR technology area
Participate in automating incident prioritization and false-positive identification
Perform security incident analysis and recommend remediation steps