SIEM Engineer

Techdefence Labs · Ahmedabad, GJ, India · June 6, 2026
On-site · Full-time · SOC · Mid · 2+ yrs

Job Objective

Our Cyber Security Operation function works to continuously strengthen cyber security posture through research, threat simulations, threat hunting, and offensive security engagements. This position will be responsible for analyzing, designing, and developing commercially viable end-to-end technical solutions based on business needs. In support of these, the role will include developing advanced correlation rules, reports, and dashboards to detect emerging threats in SIEM & Cloud platforms. You will help design solutions for security problems, and partner with service teams and other security stakeholders to ensure rapid adoption of solutions and mitigation of threats from beginning to end.

Roles and Responsibilities

* Sentinel SIEM, EDR, and Email Security administration and operations management.

* Integration of custom/unsupported devices with Sentinel SIEM and creation of use cases.

* EDR, MDO, and E5 security policy fine-tuning.

* DNS management.

* Creation of customized reports and dashboards for presentation to various stakeholders.

* Identify and address technical or operational risks.

* SIEM and other security platform performance and capacity management.

* Able to analyze logs from various devices and develop anomaly-detection use cases that account for the evolving threat landscape.

* Well versed in logging standard development and device onboarding/log source integration for diverse devices, including those not supported by the SIEM OEM.

* Handle 24x7 operations and support various SOC activities.

* Good communication skills and stakeholder management are imperative.

Job Requirements

Educational qualifications:

* Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent).

* Advanced certification desirable: RHEL certified, Sentinel Admin, AZ-900, CISP, CCSP, AWS Certified Solutions Architect – Associate, Google Cloud Professional Security Engineer, Microsoft Certified: Azure Security Engineer Associate.

Experience:

* Overall 2+ years of experience in engineering administration and cyber security.

* Strong experience in Sentinel SIEM architecture and administration.

* Proven experience in assessing, designing, deploying, and operating SIEM platforms.

* Expertise in SIEM use case creation.

* Expertise in CSPM policy creation and fine-tuning.

* Experience in defining best practices for optimized application and platform performance.

* Demonstrated expertise in modifying configurations that improve SIEM performance.

* Proficient in Kusto query language (KQL) and experienced in developing use cases.

* Familiar with multiple architectural, development, and operational methodologies.

Job Details

Experience: Mid · 2+ yrs

Tools & Tech: AWS, Azure, GCP, Microsoft Sentinel

Preferred Certs: AZ-900, CCSP