| Job Description: |
Req ID- 10520335
Job Title: Developer
Work Location: Bangalore
Skills Required: JR SIEM Admin
Experience: 4- 6 Years
Job Description:
• Excellent knowledge of one of the SIEM products Sentinel, Securonix
• Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing
• Experience with Incident response and Security Operations Center operations
• Experience with deploying and managing a large SIEM deployment
• Excellent understanding of enterprise logging standards, with a focus on application logging
• XXX years of experience with Securonix, Splunk, ArcSight, QRadar, Sentinel SIEM systems
• Excellent knowledge of adversary tactics, techniques and procedures (TTPs) and MITRE Telecommunication&ACK Framework
• Excellent understanding of regular expressions, development of custom/flex Parsers
• Excellent Python and Unix Shell scripting skills
• Knowledge on overall GCP, AWS, Azure Cloud infrastructure
• Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies
• Excellent understanding of log flow from numerous services within GCP, AWS, Azure cloud and experience with integrating them with 3rd party logging tools including but not limited to Splunk, Qradar, ArcSight, Sentinel, Sumologic and Elastic Cloud
• Good Experience with syslog-ng i.e., configuring complex multi client-server infrastructures.
• 5+ years of network security and system security experience, supporting security event management tools (SIEMs)
• Excellent understanding of Cyber Security Operations, Incident Response processes
• Excellent understanding of web application architectures and web services
• Excellent communication skills
• Good understanding of networking concepts.
• Experience interpreting, searching and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation)
• In-depth knowledge of security data logs and an ability to create new content on advanced security threats on a need basis as per Threat Intelligence.
• Ability to identify gaps in the existing security controls.
• Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content.
Secondary Skills: (Good to Have)
• Domain experience of Network Security and Cloud Security
• Security certifications such as CISSP, CEH, Security +
• Preferred experience developing SIEM strategies and implementing these strategies in a global organization
• 3-4 years previous SIEM engineering Experience.
• Detail-oriented with strong organizational and analytical skills.
• Good knowledge of IT including multiple operating systems and system administration skills. |
| Comments for Suppliers: |
|
|
