Apply for SIEM Platform Admin Job

Full time | Work From Office
This Position is Currently Open
Listed on Dec 10, 2024

Job Description of SIEM Platform Admin

7+ Years Relevant Experience

  • Create innovative solutions to automate and reduce timeframes for operational changes and initial installation of the platform.
  • Responsible for major SIEM client environmental changes, including upgrades.
  • Custom parser development; strong regular-expression (regex) skills required.
  • Threat detection use-case designing, implementation and fine-tuning.
  • Create rules/dashboards for compliance and audit requirements.
  • Security monitoring experience with one or more SIEM technologies (e.g. QRadar, Splunk, Sentinel, Securonix, ArcSight, Sumo Logic, FortiSIEM, AlienVault, etc.).
  • Strong understanding of security incident management, malware management and vulnerability management processes.
  • Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.
  • Strong technical knowledge of Internet security, networking protocols, and related technologies including IDS/IPS, firewalls, content filtering, and packet inspection.
  • Working knowledge of PowerShell or Python.
  • Experience with Linux and Unix operating systems.
  • Working knowledge of industry models such as the Cyber Kill Chain, the Diamond Model and the MITRE ATT&CK framework.

Primary Skill:

  • Enterprise SIEM Architect exposure. Multiple SIEM deployment experience. SOC Domain Specialized.
  • Excellent knowledge of one of the SIEM products (QRadar, Sentinel, Splunk, ArcSight, etc.).
  • Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing.
  • Experience with Incident response and Security Operations Center operations.
  • Experience with deploying and managing a large SIEM deployment.
  • Excellent understanding of enterprise logging standards, with a focus on application logging.
  • XXX years of experience with Securonix, Splunk, ArcSight, QRadar, Sentinel SIEM systems.
  • Excellent knowledge of adversary tactics, techniques and procedures (TTPs) and the MITRE ATT&CK framework.
  • Excellent understanding of regular expressions, development of custom/flex Parsers.
  • Excellent Python and Unix Shell scripting skills.
  • Knowledge on overall GCP, AWS, Azure Cloud infrastructure.
  • Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.
  • Excellent understanding of log flow from numerous services within GCP, AWS and Azure cloud, and experience integrating them with third-party logging tools including but not limited to Splunk, QRadar, ArcSight, Sentinel, Sumo Logic and Elastic Cloud.
  • Good experience with syslog-ng, i.e. configuring complex multi-client/server infrastructures.
  • 5+ years of network security and system security experience, supporting security event management tools (SIEMs).
  • Excellent understanding of cybersecurity operations, Incident Response processes.
  • Excellent understanding of web application architectures and web services.
  • Excellent communication skills.
  • Good understanding of networking concepts.
  • Experience interpreting, searching and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow, and automation).
  • In-depth knowledge of security data logs and an ability to create new content on advanced security threats on a need basis as per Threat Intelligence.
  • Ability to identify gaps in the existing security controls.
  • Good experience in writing queries/rules/use cases for security analytics (ELK, Splunk or any other SIEM platform) and deployment of content.
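The parsing, normalization, aggregation and correlation skills listed above, shown end to end as an added worked example (illustration only, not part of the job description or any vendor's product): regex parsers for two log sources feed one normalized schema, and a sliding-window correlation rule raises an alert when a burst of authentication failures from one source address is followed by a success. The log lines are constructed for the example, the hosts and IP addresses are documentation-range values, and the "fwd" key=value line is an assumed forwarder format, not a real product's output.

```python
"""Toy SIEM pipeline: regex parsers -> normalized schema -> correlation rule.

Added illustration; every log line below is constructed, not captured data.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: RFC 3164-style syslog lines from an sshd host and
# key=value lines from a hypothetical Windows log forwarder ("fwd").
SAMPLE_LOGS = [
    "Mar 10 09:00:01 web01 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Mar 10 09:00:04 web01 sshd[2104]: Failed password for admin from 203.0.113.7 port 51023 ssh2",
    "Mar 10 09:00:09 web01 sshd[2110]: Failed password for admin from 203.0.113.7 port 51030 ssh2",
    "Mar 10 09:00:15 web01 sshd[2111]: Accepted password for admin from 203.0.113.7 port 51031 ssh2",
    "Mar 10 09:01:00 web01 sshd[2120]: Failed password for root from 198.51.100.9 port 40000 ssh2",
    "Mar 10 09:02:00 dc01 fwd: EventID=4625 TargetUserName=jsmith IpAddress=192.0.2.5 Status=0xC000006D",
    "Mar 10 09:02:30 dc01 fwd: EventID=4624 TargetUserName=jsmith IpAddress=192.0.2.5 LogonType=3",
    "Mar 10 09:03:00 web01 cron[300]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Header parser shared by all sources: timestamp, host, program, optional pid.
SYSLOG_HEADER = re.compile(
    r"^(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# Source-specific parsers; each maps raw message text onto the shared schema.
SSHD_AUTH = re.compile(
    r"^(?P<outcome>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
WIN_KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line, year=2024):
    """Return a normalized auth event {ts, host, source, user, src_ip, outcome}
    or None when the line is not an auth event this pipeline understands."""
    m = SYSLOG_HEADER.match(line)
    if not m:
        return None
    # syslog has no year; the collector supplies it (assumed 2024 here)
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S")
    base = {"ts": ts, "host": m["host"], "source": m["app"]}
    msg = m["msg"]
    if m["app"] == "sshd":
        a = SSHD_AUTH.match(msg)
        if not a:
            return None
        base.update(user=a["user"], src_ip=a["src_ip"],
                    outcome="success" if a["outcome"] == "Accepted" else "failure")
        return base
    if m["app"] == "fwd":
        kv = dict(WIN_KV.findall(msg))
        if kv.get("EventID") not in ("4624", "4625"):
            return None
        base.update(user=kv.get("TargetUserName"), src_ip=kv.get("IpAddress"),
                    outcome="success" if kv["EventID"] == "4624" else "failure")
        return base
    return None  # no parser for this program: dropped from this use case


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Brute-force-then-success rule: at least `threshold` failures from one
    src_ip inside `window`, followed by a success from the same src_ip."""
    alerts = []
    failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = failures[ev["src_ip"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()  # aggregation: slide the time window forward
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({"rule": "bruteforce_success", "src_ip": ev["src_ip"],
                           "user": ev["user"], "host": ev["host"],
                           "failures": len(q), "ts": ev["ts"]})
            q.clear()  # fire once per burst, not once per later success
    return alerts


def run_pipeline(lines):
    """Parse, drop unparseable lines, correlate; returns (events, alerts)."""
    events = [e for e in (parse_event(l) for l in lines) if e]
    return events, correlate(events)


if __name__ == "__main__":
    evs, found = run_pipeline(SAMPLE_LOGS)
    print(f"{len(evs)} normalized events, {len(found)} alert(s)")
    for alert in found:
        print(alert)
```

Two design points matter in a real deployment: the parser returns None for any program it has no rule for, so a parser gap silently removes events from the use case (track that drop rate), and the correlation rule keys on src_ip alone, so a distributed attack spread over many source addresses would not trip it and needs a second rule keyed on the target user.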

Secondary Skills:

  • Domain experience of Network Security and Cloud Security.
  • Security certifications such as CISSP, CEH, Security+.
  • Preferred experience developing SIEM strategies and implementing these strategies in a global organization.
  • 3–4 years previous SIEM engineering experience.
  • Detail-oriented with strong organizational and analytical skills.
  • Good knowledge of IT, including multiple operating systems and system administration skills.
  • Good to have certifications: Network Security certification, Security+, CISA, CISSP.

Required Skills for SIEM Platform Admin Job

  • SIEM Architect
  • SIEM products (QRadar, Sentinel)
  • Splunk
  • ArcSight
  • SOC
  • Azure, GCP
  • AWS
  • Python and Unix Shell scripting
  • Network Security and Cloud Security

Our Hiring Process

  • Screening (HR Round)
  • Technical Round 1
  • Technical Round 2
  • Final HR Round

SIEM Platform Admin with 7+ Years of Experience? Apply Now!
