
Jacobs Cybersecurity Incident Response Engineer US 
United States, Texas, Dallas 
209931821

17.08.2024
Your impact

We are looking for a skilled and experienced Cybersecurity Incident Response Engineer with expertise in building detection rules for Security Operations Centers (SOC), building workflows for Security Information and Event Management (SIEM) systems, and the capability to perform system administration for other cybersecurity systems to join our dynamic team. This role requires a broad understanding of cybersecurity principles and incident response procedures, and the ability to work in a fast-paced environment.

Your Profile will include:

• Correlation Rule Development:

o Design, develop, and implement correlation rules within SIEM systems to identify and respond to security events.

o Continuously refine and optimize correlation rules to reduce false positives and improve detection accuracy.

o Collaborate with SOC analysts and incident responders to understand threat scenarios and translate them into effective correlation rules.

• Log Source Management:

o Configure and manage log sources to ensure comprehensive and accurate data collection from various security devices, applications, and network infrastructure.

o Validate the integrity and completeness of log data to support effective monitoring and incident investigation.

o Work with system owners to onboard new log sources and ensure they are correctly integrated into the SIEM system.

• Security Monitoring and Incident Response:

o Monitor security alerts and events generated by the SIEM system to detect potential security incidents.

o Assist in the investigation and analysis of security incidents, providing expertise on the interpretation of SIEM data and correlation rules.

• System Administration:

o Perform regular maintenance and updates of SIEM, EDR, SOAR and Case Management systems to ensure optimal performance and security.

o Maintain documentation of SIEM, EDR, SOAR and Case Management configurations, correlation rules, and log source setups.

• Reporting and Compliance:

o Generate and review reports on security events, incidents, SIEM, EDR, SOAR, and Case Management system performance.

Required Skills and Qualifications:

• Technical Skills:

o Proficiency in configuring and managing SIEM, EDR, SOAR, and Case Management Systems (e.g., QRadar, IBM-Resilient, CrowdStrike Falcon)

o Strong knowledge of security event logging, log management, and log analysis.

o Experience in scripting languages (e.g., Python, PowerShell) for automating tasks and developing custom scripts for SIEM, EDR, SOAR, and Case Management systems.

o Hands-on experience with Endpoint Detection & Response (EDR) tooling.

• Security Knowledge:

o In-depth understanding of cybersecurity principles, threat landscapes, and attack vectors.

o Familiarity with network protocols, operating systems (Windows, Linux, iOS) and common security technologies (firewalls, IDS/IPS, antivirus, etc.)

o Knowledge of regulatory requirements, industry standards and frameworks (e.g., GDPR, HIPAA, PCI-DSS, NIST, MITRE ATT&CK)

• Analytical and Problem-Solving Skills:

o Strong analytical skills to interpret complex log data and develop effective correlation rules.

o Ability to troubleshoot and resolve technical issues related to SIEM systems and log sources.

o Attention to detail and a methodical approach to problem-solving.

• Communication and Collaboration:

o Excellent written and verbal communication skills for documenting configurations and reporting incidents.

o Strong organizational skills to manage multiple tasks and projects simultaneously.

Here's what you'll need

• Education:

o Bachelor's degree in computer science, information technology, or a related field, or an equivalent length of experience in cybersecurity.

• Professional Experience:

o 3-5 years of administration experience specifically in SIEM (QRadar), Endpoint Detection & Response (CrowdStrike Falcon), SOAR & Case Management (IBM-Resilient).

o 3-5 years of experience in SOC operations or related cybersecurity role.

o Proven track record of developing and optimizing correlation rules in SIEM systems.

o Hands-on experience with configuring and managing log sources from various security devices and applications.

• Any one of the following certifications is desired:

o Certified Information Systems Security Professional (CISSP)

o Certified Information Security Manager (CISM)

o Certified Ethical Hacker (CEH)

o GIAC Security Essentials (GSEC)

• SIEM – Specific Certifications:

o IBM Certified Associate Administration – IBM QRadar SIEM

o IBM Certified Administration – IBM QRadar SIEM

• EDR – Specific Certifications:

o CrowdStrike Certified Falcon Administrator (CCFA)

• SOAR – Specific Certifications:

o IBM Resilient SOAR Foundations Badge

o IBM Certified SOC Analyst – QRadar SIEM