Senior Engineer - Platform Security - SOC

MillenniumIT ESP
20 days ago
Expires on: Dec 11 2024

Ref.No 00005376

Description

SOC Technology Stack - Implementation and Deployment:
  • Design the architecture of the SIEM infrastructure based on organizational requirements and industry best practices.
  • Configure and deploy the SIEM platform, including setting up log sources, data connectors, and collectors.
  • Design and develop use cases and correlation rules to monitor and detect security incidents effectively.
  • Ensure the seamless integration of the SIEM platform with other security tools, such as vulnerability scanners and threat intelligence feeds.
  • Deploy security platforms required by the SOC.
  • Conduct POCs as per the project requirements.

SOC Technology Stack - Engineering and Administration:
  • Maintain and fine-tune the SIEM infrastructure to ensure optimal performance and scalability.
  • Collaborate with cross-functional teams to understand business requirements and translate them into SIEM use cases and rules.
  • Develop and customize correlation rules, alerts, and dashboards to effectively monitor and detect security incidents.
  • Manage log sources and data collection mechanisms, including log parsers, connectors, and agents.
  • Perform regular maintenance, upgrades, and patches to keep the systems up to date.

Technical Support and Troubleshooting:
  • Provide technical support and troubleshooting assistance for the SIEM platform and related systems.
  • Collaborate with vendors and support teams to resolve technical issues and ensure optimal performance.
  • Investigate and resolve issues related to log sources, data collection, and data quality within the SIEM platform.
  • Troubleshoot and rectify any issues that occur within the technology stack.
  • Provide technical support to internal and external teams to enhance security in the IT infrastructure.

Process Automation and Optimization:
  • Identify opportunities for process automation within the SOC, including incident triaging, alert enrichment, and response workflows.
  • Develop scripts, workflows, or tools to automate repetitive tasks and improve operational efficiency.
  • Streamline incident response procedures by creating playbooks and workflows that leverage automation capabilities.
  • Continuously evaluate and enhance SOC processes to align with industry best practices and improve incident response times.

SOC Technology Stack - Content Development and Maintenance:
  • Create and maintain SIEM content, including parsers, rules, reports, and dashboards.
  • Regularly review and update SIEM content based on emerging threats, vulnerabilities, and new log sources.
  • Collaborate with threat intelligence teams to incorporate actionable intelligence into the SIEM platform.
  • Conduct testing and validation of new SIEM content to ensure accuracy and effectiveness.
  • Conduct training sessions and knowledge-sharing activities to educate SOC personnel on SIEM engineering, administration, automation techniques, SIEM usage, configuration, and best practices.
  • Collaborate with the security awareness team to develop and deliver training materials for SOC analysts on SIEM usage and best practices.
  • Collaborate with the security awareness team to develop training materials and deliver sessions for Security Engineers on SIEM implementation, deployment, configuration, and administration.
  • Create detailed documentation of the SIEM implementation, configuration, and deployment procedures.

Person Specification

  • Bachelor's degree in Computer Science or Information Security.
  • Professional certifications related to SIEM administration and deployment.
  • Experience with the AWS and Azure cloud technology stacks.
  • Strong experience in SIEM engineering, administration, and content development, preferably with industry-leading SIEM platforms such as Splunk, QRadar, LogRhythm, Microsoft Sentinel, or FortiSIEM.
  • Proficiency in scripting and automation languages and tools (e.g., Python, PowerShell, Bash, Ansible, Terraform) to develop automation workflows and tools.
  • In-depth knowledge of log management, log analysis, and security event correlation concepts.
  • Familiarity with security technologies and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, Active Directory, and network monitoring solutions.
  • Strong knowledge of networking protocols, systems architecture, and security frameworks.
  • Experience with incident response processes and methodologies.
  • Excellent problem-solving, analytical thinking, and troubleshooting skills.
  • Strong communication and collaboration skills to work effectively within cross-functional teams.
  • 2-3 years' relevant work experience.

Skills

  • AWS
  • Azure
  • Scripting languages
  • Analytical
  • Communication