Configure and administer the SIEM to support the needs of the SOC.
Provide second-level technical support for the SIEM tool.
Responsible for maintaining the health of the SIEM tool and ensuring agreed uptime of the respective platform.
Perform regular patching and version upgrades on the SIEM platform.
Configure the respective parsers and forwarders (engaging principal vendors if needed) to integrate various log sources with the SIEM platform for log monitoring.
Coordinate or perform the scheduled backups and restore activities as per the backup policy.
Maintain the log baselines as per the requirements given in the log management policies and compliance requirements where applicable.
Manage faults and coordinate with the principal vendor for resolution.
Ensure the health and maintenance of the DR platform, if any.
Ensure real-time data and configuration replication between the primary and DR sites.
In case of primary site failure, ensure platform availability at the DR site within the defined SLAs.
Maintain separate asset inventories for all log sources being on-boarded for all individual clients.
Maintain proper documentation for the entire SIEM platform.
Working across multiple accounts, you'll be the Subject Matter Expert for the respective SIEM, providing technical advice and guidance to SOC staff, Third Lines, System Architects, Project Managers and other teams.
Developing strong relationships across the organization, with external strategic support partners and third-party vendors who provide tooling support. This ensures the safety of both on-prem data and systems, hosted and supported in other geographical locations. Knowledge and experience of SaaS, PaaS and IaaS solutions is desirable.
Responsibility for the on-going management and in-service configuration changes of multiple SIEM solutions in a 24/7 environment with an on-call requirement.
Troubleshoot, diagnose, report and resolve issues which may arise with the several tools used to deliver our services (including other SIEM tooling).
Support the SOC Analysts in the use of the toolset and with investigations to establish the facts surrounding potential suspicious activities and to understand the impact and associated risks.
Creation, amendment, tuning and supporting the engineering of advanced or complex protective monitoring use cases.
Provide security consultancy to other internal teams for matters relating to the SIEM.
Support bid teams with their customer engagement by providing knowledge of the SIEM/SOC operations.
Creation of custom parsing RegEx for on-boarding new log sources.
Troubleshooting complex issues that may occur within the SIEM and resolving them with the help of vendor support.
Build and drive SIEM business, providing specialist advice and consultancy across the business and as part of sales engagement with external and internal customers.
Serves as an SME for the Asia region and coordinates the SIEM activities.
Articulate the business benefits of SIEM to business/technical customers as appropriate.
Advise clients of security standards, best practice and solutions relating to SIEM and SOC solutions.
Lead the SIEM architecture and design of major projects for clients, as well as partner within the wider practice to support SOC design and implementation.
Has SIEM industry awareness including market leaders and key business drivers.
Skills and Qualifications:
Advanced knowledge and experience of Cyber Security and evidence of working as a SIEM Engineer with previous experience of the software, including architectural design, configuring, operating and problem-solving activities.
As a senior member of the team, you will be accountable for the technical elements of complex work packages, working closely with customers and internal stakeholders to deliver comprehensive SIEM Management and support.
A good understanding of implementing use cases and operational models or specific security solutions to meet the customer's requirement and understand how SIEM solution
Provide a Technical Escalation Point during security incidents and advise on mitigation measures.
Support the customer with the creation of complex reports and dashboards, manage alarms and usage cases as and when required.
Drive to maintain a keen understanding of evolving threats and vulnerabilities to ensure the security of customer networks.
Update Protective Monitoring/SIEM documentation, processes and procedures and ensure validity as required.
Good knowledge of RegEx, SPL, ITSI, ES, Ansible and Git.
Expert knowledge and hands-on experience in LogRhythm, Rapid7, ArcSight, Azure Sentinel, Splunk or any other SIEM tool.
Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
Good knowledge of network security and application security.
Practical experience in the architecture and engineering of security solutions and ICT.
Understanding of legislative demands and compliance requirements mitigated through SIEM.
Experience of the supporting policy, procedures and practices required to deliver and maintain an effective operational SIEM solution.
Able to communicate with internal and external senior management.
Capability of understanding and resolving complex SIEM issues.
Operational experience in a Security Operations, Cyber Defense or Threat Intelligence Centre is preferred.
SIEM-related certifications for administration, implementation, deployment and architecture.
Nice to haves:
Experience with SIEM automation tools such as SOAR (Security Orchestration, Automation and Response) is desired.
Knowledge of scripting with Python, Perl and Bash, and the use of APIs.
Experience with administration and implementation of UEBA (User & Entity Behavior Analytics) toolsets.
Bachelor's degree in Computer Science or a technical discipline with 5-8+ years of professional experience.