SIEM Engineer

SIEM Engineer - CREQ Description Job Description:

1. Should have strong knowledge in Microsoft Sentinel SIEM engineering activities.
2. Should have performed SIEM engineering role more than 5 years.
3. Should have expertise in building custom analytical rules, tuning of analytical rules, building automation through logic apps, management of entire product feature, end to end configuration/administration.
4. Should have expertise in forming KQL queries and functions for complex detection and monitoring requirements.
5. Should have strong knowledge in MITRE attack framework and expertise in developing detections across framework.
6. Should have expertise in log management, retention configurations, maintenance of logs at low cost, performing access management, developing new custom dashboard based on different requirements.
7. Should have proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, maintenance of local agents.
8. Should have expertise in integrating data sources which are not supported by Sentinel tool OOB. Custom parser development and ability to solve technical issues in Sentinel.
9. Should have ability to prepare and maintain policy and procedure documentations around SIEM technology, document life cycle management skill is required.
10. Should have expertise in consuming contents from content hub and management of log analytics workspace and ability to handle issues in MMA and AMA agents. (Hands-on in migrating agents from MMA to AMA will be added advantage)
11. Should have knowledge and experience in data transformation rules and data collection rules concepts in Sentinel.
12. Should have proven record of participation in customer or client reviews or global certifications regarding security controls in SIEM. Compliance and regulatory requirements understandings are good to have.
13. Should have ability to work with stakeholders to solve technical issues and must support and deliver complex business, security, and operational requirements.
14. Should have ability to work with vendor technical support group and driving issues towards effective and permanent closure.
15. Preference should be given for candidates completed expert training and certifications in Sentinel and Defender products of Microsoft.
16. Good to have strong knowledge in Microsoft Sentinel pricing, Microsoft defender products, Microsoft Cloud services and Azure Arc.
Primary Location Gurgaon, Haryana, India Other Locations

Hyderabad, Andhra Pradesh, India

Job Type Experienced Primary Skills IT Service Management, Cloud Risk & Compliance Management Years of Experience 7 Qualification

Job Description:

1. Should have strong knowledge in Microsoft Sentinel SIEM engineering activities.
2. Should have performed SIEM engineering role more than 5 years.
3. Should have expertise in building custom analytical rules, tuning of analytical rules, building automation through logic apps, management of entire product feature, end to end configuration/administration.
4. Should have expertise in forming KQL queries and functions for complex detection and monitoring requirements.
5. Should have strong knowledge in MITRE attack framework and expertise in developing detections across framework.
6. Should have expertise in log management, retention configurations, maintenance of logs at low cost, performing access management, developing new custom dashboard based on different requirements.
7. Should have proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, maintenance of local agents.
8. Should have expertise in integrating data sources which are not supported by Sentinel tool OOB. Custom parser development and ability to solve technical issues in Sentinel.
9. Should have ability to prepare and maintain policy and procedure documentations around SIEM technology, document life cycle management skill is required.
10. Should have expertise in consuming contents from content hub and management of log analytics workspace and ability to handle issues in MMA and AMA agents. (Hands-on in migrating agents from MMA to AMA will be added advantage)
11. Should have knowledge and experience in data transformation rules and data collection rules concepts in Sentinel.
12. Should have proven record of participation in customer or client reviews or global certifications regarding security controls in SIEM. Compliance and regulatory requirements understandings are good to have.
13. Should have ability to work with stakeholders to solve technical issues and must support and deliver complex business, security, and operational requirements.
14. Should have ability to work with vendor technical support group and driving issues towards effective and permanent closure.
15. Preference should be given for candidates completed expert training and certifications in Sentinel and Defender products of Microsoft.
16. Good to have strong knowledge in Microsoft Sentinel pricing, Microsoft defender products, Microsoft Cloud services and Azure Arc.

Travel No