Your Role and Responsibilities
- Responsible for app installation, troubleshooting and app host management.
- Understanding of threat scenarios, threat vectors and logs in order to identify new threats.
- Analyse existing SIEM rules to optimize threat detection and minimize false positives.
- Participate in client SOC strategy and planning, including capacity planning and the technology roadmap.
- Ability to multitask and work independently with minimal direction and maximum accountability.
- Coordination skills to collaborate with multiple technical and service delivery teams.
- Launch and track investigations to resolution. Recognize attacks based on their signatures and differentiate false positives from true intrusion attempts.
- Maintain up-to-date technical knowledge by attending educational workshops and reviewing publications.
Required Technical and Professional Expertise
- 5+ years of IT experience in security, with at least 3 years in a Security Operations Centre working with SIEMs and EDR.
- Should have a good understanding of networking, the OSI model and TCP/IP concepts.
- Should have a good understanding of ITIL processes.
- Should understand cybersecurity controls and attacks.
- Understanding of the MITRE framework and attack methods.
- Good to have cybersecurity certifications [SIEM administration, CEH, CompTIA Security+].
- Should have work experience with multiple SIEM solutions and an understanding of SIEM architecture and components [mainly QRadar SIEM].
- Good to have hands-on experience in SIEM administration and troubleshooting [mainly QRadar SIEM].
- Should have knowledge of new SIEM implementation and deployment with DC-DR and HA setup and configuration [mainly QRadar SIEM].
- Should coordinate with the Engineering Lead and ensure that SIEM projects are delivered on time, in line with customer expectations and best practices.
- Excellent understanding of, and proven hands-on experience in, SIEM concepts such as correlation, aggregation, normalization and parsing.
- Experience in SIEM version upgrades, patch upgrades and WinCollect version upgrades.
- Must have proven experience in log source integration and troubleshooting.
- Strong skill set in custom log source integration and parser development.
- Should perform regular health checks and maintain the SIEM platform effectively.
- Should have work experience in UBA, including rules and tuning of the UBA app.
- Experience in use case conceptualization, configuration and testing.
- Standardizing use cases and making them applicable to all customers.
Preferred Technical and Professional Expertise
- Certifications: CEH, ECIH or CompTIA Security Analyst.
- Ambitious individual who can work under their own direction towards agreed targets/goals, with a creative approach to work.
- Intuitive individual with an ability to manage change and proven time management skills.
- Proven interpersonal skills, contributing to team effort by accomplishing related results as needed.
- Entry-level or professional skill in shell scripting, AIX, Linux or Python.
- Good to have hands-on experience managing SIEM solutions on public/private clouds such as Amazon AWS, Microsoft Azure, etc.
- Proven experience with any of the Security Information and Event Management (SIEM) tools (QRadar, Splunk, McAfee ESM, etc.).
- Data-driven threat hunting using SIEM and other threat hunting tools.
- Experience in SOAR tools such as QRadar Resilient and Palo Alto XSOAR.
- Identify quick defence techniques until a permanent resolution is in place.
- Recognize successful intrusions and compromises through review and analysis of relevant event details.
- Actively investigate the latest security vulnerabilities, advisories and incidents.
- Identify gaps in the security environment and suggest how to close them.
- Drive and support change management.
- Ready to work in a 24×7 rotational shift model, including night shifts.