· Configure and administer the SIEM to support the needs of the SOC.
· Provide technical support for the SIEM tool.
· Accountable for maintaining the health of the SIEM tool and ensuring 99.96% uptime of the platform.
· Perform regular patching and version upgrades on the SIEM platform.
· Configure log forwarders/agents and develop decoders/parsers (where needed) to integrate log sources with the SIEM platform for monitoring.
· Accountable for performing scheduled backup and restore activities as per the backup policy.
· Maintain log baselines as required by the log management policies and customer compliance requirements.
· Configure detection rules and monitoring use cases for customer SIEM tools.
· Troubleshoot faults in SIEM products and coordinate with external parties/subject matter experts for resolution.
· Ensure the health and maintenance of the SIEM DR platform (as per customer requirement).
· Ensure real-time data and configuration replication between the primary and DR sites (as per customer requirement).
· In case of primary site failure, ensure platform availability at the DR site within the defined SLAs (as per customer requirement).
· Monitor and ensure the health and availability of all heavy forwarders/agents deployed at client sites.
· Maintain a separate asset inventory of on-boarded log sources for each client.
· Maintain proper documentation across the entire SIEM platform operations lifecycle: planning, analysis, design, implementation, testing and integration, and maintenance.
· Collaborate cross-functionally with SOC analysts to deliver continuous improvement in cyber defence/resilience.
· Develop, implement and maintain operational scripts, data structures, libraries and code that improve security across the diverse applications and compute platforms of the global environment.
· Analyse, design, develop and operate programs, shell scripts, tests and infrastructure automation in a security context.
· Participate in SOC projects and initiatives that require a SOC engineer, with a focus on ensuring information security requirements are included.
· Participate in proactive research and provide recommendations for continuous improvement of SIEM/SOC technologies, processes and services.
Experience / Job Competencies / Success Factors:
· 2+ years of hands-on experience in a SOC role.
· Proven knowledge and experience in one or more information security capabilities such as security monitoring, threat intelligence, network protection, data protection, endpoint protection, technical security assessments or security architecture.
· Good knowledge of implementing SIEM solutions such as Splunk.
· Good knowledge of and experience with the ELK stack for log management.
· Good knowledge of Demisto or another security orchestration, automation and response (SOAR) tool.
· Experience using and administering Linux-based operating systems.
· Working knowledge of scripting languages such as Python and PowerShell.
· Good knowledge of regular expressions.
· Strong networking and operating system knowledge.
· DevOps experience building and deploying infrastructure using cloud deployment, build and test automation tools such as Ansible, Chef, Puppet, Docker and Jenkins.
· Knowledge of information security standards and frameworks such as ISO 27001/27002 and NIST.
· Good verbal and written communication skills.
· Successful management of multiple priorities.
· Excellent analytical and troubleshooting skills.
· Experience with user documentation as it relates to the delivery of services in a regulated environment.
· Capable of working unsupervised; able to work with SOC analysts to automate resolution processes and to produce the corresponding documentation, enriching corporate security policies and processes.
Education Qualification Requirements:
· Any bachelor's degree in computer science.
· Preference for B.Tech (Computer Science/IT/Electronics/Communication Engineering).
· Mandatory: SIEM product certifications/RHCE/CCNA (any two).
· Desirable: CEH/CCNA/CCNP (any one).