Description
- SOC Technology Stack - Implementation and Deployment:
  - Design the architecture of the SIEM infrastructure based on organizational requirements and industry best practices.
  - Configure and deploy the SIEM platform, including setting up log sources, data connectors, and collectors.
  - Design and develop use cases and correlation rules to monitor and detect security incidents effectively.
  - Ensure seamless integration of the SIEM platform with other security tools, such as vulnerability scanners and threat intelligence feeds.
  - Deploy the security platforms required by the SOC.
  - Conduct proofs of concept (POCs) as required by the project.
- SOC Technology Stack - Engineering and Administration:
  - Maintain and fine-tune the SIEM infrastructure to ensure optimal performance and scalability.
  - Collaborate with cross-functional teams to understand business requirements and translate them into SIEM use cases and rules.
  - Develop and customize correlation rules, alerts, and dashboards to effectively monitor and detect security incidents.
  - Manage log sources and data collection mechanisms, including log parsers, connectors, and agents.
  - Perform regular maintenance, upgrades, and patches to keep the systems up to date.
- Technical Support and Troubleshooting:
  - Provide technical support and troubleshooting assistance for the SIEM platform and related systems.
  - Collaborate with vendors and support teams to resolve technical issues and ensure optimal performance.
  - Investigate and resolve issues related to log sources, data collection, and data quality within the SIEM platform.
  - Troubleshoot and rectify any issues that occur within the technology stack.
  - Provide technical support to internal and external teams to enhance security across the IT infrastructure.
- Process Automation and Optimization:
  - Identify opportunities for process automation within the SOC, including incident triage, alert enrichment, and response workflows.
  - Develop scripts, workflows, or tools to automate repetitive tasks and improve operational efficiency.
  - Streamline incident response procedures by creating playbooks and workflows that leverage automation capabilities.
  - Continuously evaluate and enhance SOC processes to align with industry best practices and improve incident response times.
- SOC Technology Stack - Content Development and Maintenance:
  - Create and maintain SIEM content, including parsers, rules, reports, and dashboards.
  - Regularly review and update SIEM content based on emerging threats, vulnerabilities, and new log sources.
  - Collaborate with threat intelligence teams to incorporate actionable intelligence into the SIEM platform.
  - Conduct testing and validation of new SIEM content to ensure accuracy and effectiveness.
  - Conduct training sessions and knowledge-sharing activities to educate SOC personnel on SIEM engineering, administration, automation techniques, usage, configuration, and best practices.
  - Collaborate with the security awareness team to develop and deliver training materials for SOC analysts on SIEM usage and best practices.
  - Collaborate with the security awareness team to develop training materials and deliver sessions for Security Engineers on SIEM implementation, deployment, configuration, and administration.
  - Create detailed documentation of the SIEM implementation, configuration, and deployment procedures.
Person Specification
- Bachelor's degree in Computer Science or Information Security.
- Professional certifications related to SIEM administration and deployment.
- Experience with the AWS and Azure cloud technology stacks.
- Strong experience in SIEM engineering, administration, and content development, preferably with industry-leading SIEM platforms such as Splunk, QRadar, LogRhythm, Microsoft Sentinel, or FortiSIEM.
- Proficiency in scripting and automation languages and tools (e.g., Python, PowerShell, Bash, Ansible, Terraform) to develop automation workflows and tools.
- In-depth knowledge of log management, log analysis, and security event correlation concepts.
- Familiarity with security technologies and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, Active Directory, and network monitoring solutions.
- Strong knowledge of networking protocols, systems architecture, and security frameworks.
- Experience with incident response processes and methodologies.
- Excellent problem-solving, analytical thinking, and troubleshooting skills.
- Strong communication and collaboration skills to work effectively within cross-functional teams.
- 2-3 years of relevant work experience.
Skills
- AWS
- Azure
- Scripting languages
- Analytical
- Communication