Job Description: Responsibilities
Skills And Qualifications
- Configure and administer the SIEM to support the needs of SOC.
- Provide second level technical support for SIEM tool.
- Responsible for maintaining the health of the SIEM tool and ensuring agreed uptime of the respective platform.
- Perform regular patching and version upgrades on the SIEM platform.
- Configure respective parsers, forwarders (engage principal vendors if needed) to integrate various log sources with SIEM platform for log monitoring.
- Coordinate or perform the scheduled backups and restore activities as per the backup policy.
- Maintain the log baselines as per the requirements given in the log management policies and compliance requirements where applicable.
- Manage faults, coordinate with principal vendor for resolution.
- Ensure the health and maintenance of the DR platform, if any.
- Ensure real-time data and configuration replication between the Primary and DR sites.
- In case of Primary site failure, ensure platform availability at the DR site within defined SLAs.
- Maintain separate asset inventories for all log sources being on-boarded for all individual clients.
- Maintain proper documentation for the entire SIEM platform.
- Working across multiple accounts, you'll be the Subject Matter Expert for the respective SIEM, providing technical advice and guidance to SOC staff, Third Lines, System Architects, Project Managers and other teams.
- Developing strong relationships across the organization, with external strategic support partners and 3rd party vendors who provide tooling support. This ensures the safety of both on-prem data and systems, hosted and supported in other geographical locations. Knowledge and experience of SaaS, PaaS and IaaS solutions is desirable.
- Responsibility for the on-going management and in-service configuration changes of multiple SIEM solutions in a 24/7 environment with an on-call requirement.
- Troubleshoot, diagnose, report and resolve issues which may arise with the several tools used to deliver our services (including other SIEM tooling).
- Support the SOC Analysts in the use of the toolset and with investigations to establish the facts surrounding potential suspicious activities and to understand the impact and possible risks associated.
- Creation, amendment, tuning and supporting the engineering of advanced or complex protective monitoring use cases.
- Provide security consultancy to other internal teams for matters relating to the SIEM.
- Support bid teams with their customer engagement by providing knowledge of the SIEM/SOC operations.
- Creation of custom parsing RegEx for on-boarding new log sources.
- Troubleshooting complex issues that may occur within the SIEM and resolving them with the help of vendor support.
- Build and drive SIEM business, providing specialist advice and consultancy across the business and as part of sales engagement with external and internal customers.
- Serve as an SME for the Asia region and coordinate the SIEM activities.
- Articulate the business benefits of SIEM to business/technical customers as appropriate.
- Advise clients of security standards, best practice and solutions relating to SIEM and SOC solutions.
- Lead the SIEM architecture and design of major projects for clients, as well as partner within the wider practice to support SOC design and implementation.
- SIEM industry awareness, including market leaders and key business drivers.
- Advanced knowledge and experience of Cyber Security and evidence of working as a SIEM Engineer with previous experience of the software, including architectural design, configuring, operating and problem-solving activities.
- As a senior member of the team, you will be accountable for the technical elements of complex work packages, working closely with customers and internal stakeholders to deliver comprehensive SIEM Management and support.
- A good understanding of implementing use cases and operational models or specific security solutions to meet the customer's requirements, and an understanding of how SIEM solutions support SOCs.
- Provide a Technical Escalation Point during security incidents and advise on mitigation measures.
- Support the customer with the creation of complex reports and dashboards, manage alarms and usage cases as and when required.
- Drive to maintain a keen understanding of evolving threats and vulnerabilities to ensure the security of customer networks.
- Update Protective Monitoring/SIEM documentation, processes and procedures and ensure validity as required.
- Good knowledge of RegEx, SPL, ITSI, ES, Ansible and Git.
- Expert knowledge and hands-on experience in LogRhythm, Rapid7, ArcSight, Azure Sentinel, Splunk or any other SIEM tool.
- Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
- Good knowledge of network security and application security.
- Practical experience in the architecture and engineering of security solutions and ICT.
- Understanding of legislative demands and compliance requirements mitigated through SIEM.
- Experience of the supporting policy, procedures and practices required to deliver and maintain an effective operational SIEM solution.
- Operational experience in a Security Operations, Cyber Defense or Threat Intelligence Centre is preferred.
- SIEM related certifications for Administration, implementation, deployment, architecture.
About DXC Technology: We are a Fortune 500 global IT services leader. Our more than 130,000 people in 70-plus countries are entrusted by our customers to deliver what matters most. We use the power of technology to deliver mission-critical IT services across the Enterprise Technology Stack to drive business impact. DXC is an employer of choice with strong values, and fosters a culture of inclusion, belonging and corporate citizenship. We are DXC.
Our Culture and Benefits
DXC is committed to building better futures for our customers, colleagues, environment, and communities. We take care of each other and foster a culture of inclusion, belonging and corporate citizenship. We put this to action developing and implementing societal initiatives within our Social Impact Practice. #WeAreDXC
Our "people first" philosophy means we offer competitive remuneration, benefits, training and career opportunities that reflect our commitment to improving the lives of our employees, and the communities in which we live and work.
We are an Equal Opportunity Employer
DXC is proud to be an equal opportunity employer and we welcome submissions from people from all walks of life. We celebrate our diversity and recognize it is the unique contributions of our people that give us our edge. We stand by the 'bring your whole-self to work' philosophy. It is our inclusive culture that powers our results, and our company grows only if our people grow.