Security Specialist – SIEM
Requirements:
Design, develop, implement and manage the security event and incident management solution
Develop and Implement use cases for security event and incident management (leveraging SIEM solutions and other technologies)
Identify technologies and solutions related to infrastructure and business applications that are to be monitored for security threat detection
Develop and execute continuous improvement plan to optimize and improve efficiency of various cyber defense technologies.
Analyze and contextualize threat intelligence feeds (zero-day vulnerabilities, malware, etc.) and provide applicable solutions to implement protective controls and/or countermeasures
Perform analysis and identify opportunities to tune and improve the efficiency of SIEM, IDS/IPS, malware detection technologies, and other technologies related to detecting emerging threats.
To manage the performance of security services to clients (24 x 7, 365 days per year) and ensure that service levels are achieved.
Good knowledge of processes, metrics and controls. Ability to create new processes and reporting matrices as and when required.
Advise the L1 & L2 teams on resolution. Provide technical expertise and handle escalated issues. Mentor L1 & L2 engineers to improve their technical and problem-solving skills.
Perform periodic review of the security policies and standards to ensure that the IT infrastructure is aligned.
Perform detailed security event analysis, event investigation and validation, correlation and trending to ensure threats are identified and escalated accordingly
Provide recommendation plan to coordinate/support incident response process for remediation
Perform root cause analysis, trending and reporting for critical security incidents
Perform routine security functions for risk detection, prevention, and response
Qualifications:
Demonstrated technical skills in security architecture review, secure network design review, gap analysis and the ability to fine-tune and/or integrate security technologies
Identify and implement operational and technical methods for improving the efficiency and quality of processes. Identify existing gaps and propose the optimum solution to address them.
Should be able to design, develop, implement and manage a SIEM solution.
Responsible for providing effective security monitoring and incident response through triage, investigation, communication, and reporting.
The engineer must be able to analyze, troubleshoot, and remediate issues with the SIEM.
The engineer will work closely with other teams to ensure that the SIEM is performing to standard with all necessary logging sources.
The candidate should also possess knowledge of and experience with risk assessments, security solution analysis and implementation.
Previous knowledge of ArcSight, Splunk or IBM SIEM solutions
Contacts:
Contact: Uliana Zdynianchyn