Your Role and Responsibilities As a SIEM Engineer you will be responsible for implementation and deployment of new SIEM projects; and managing and providing SIEM health and operational support, including supporting to architecture changes, tool deployments and advanced detection engineering.
Responsibilities
Understand SIEM product architecture.
Ensure up-time of SIEM components.
Perform daily SIEM Health Check & Availability monitoring.
Understanding logs, Log formats, identify appropriate information for Log parsing and SIEM rule creation, Log Source Review
Suggest logging levels and baseline log sources.
Understanding of Log sources such as Operating System, Database, Web servers, Security and Network Technologies
SIEM Content Development Keep a track of latest patches major version upgrades released by vendors.
Log Retention Define and manage the log retention for all integrated devices as per defined agreement.
Data Enrichment and asset modelling.
Custom integration – Develop parsers for non-supported log sources as per scope.
You will be closely working with Security Operations Center (SOC), Threat Intelligence, Threat Hunt, Automation and Orchestration teams to develop and operationalize meaningful security alerting and ensuring platform health and uptime.
SIEM (Cortex XSIAM\\Splunk, Chronicle\\Qradar\\Micro Focus ArcSight\\Microsoft Sentinel\\LogRhythm\\Nitro) configuration management, troubleshooting, addressing complex issues and day to day operations management.
Keep abreast of latest IT security, regulatory and compliance trends to support various risk\\data models.
Ready to work in 24×7 rotational shift model including night shift.
Required Technical and Professional Expertise
8 to 10 years’ relevant experience in security information and or technology engineering support.
Experience with the following technologies : leading SIEM technologies (Cortex XSIAM\\Splunk, Chronicle\\ Qradar\\Micro Focus ArcSight\\Microsoft Sentinel\\LogRhythm\\Nitro) IDSIPS, network- and host- based firewalls, data leakage protection (DLP), common EDR platforms etc.
Understanding of possible attack activities such as network probing scanning, DDOS, malicious code activity, exfiltration, credential access, etc.
An understanding of the Cyber Kill Chain, the MITRE attack framework, various TTPs described within and commonly used by attackers as well as how to write detection rules for them in SIEM and EDR solution.
Understanding of tools, technologies and logging mechanism including understanding to common network devices such as routers, switches, load balancers etc.
Understanding of typical cloud threats and knowledge of how to detect and prevent them, cloud logging and audit capabilities and the ability to develop detection rules around these.
Understanding of basic networking protocols such as IP, DNS, HTTP, and the network s
Basic knowledge in system security architecture and security solutions.