Security Architect (SIEM solutions)
|Квалификация:||Candidate should possess a broad technical knowledge and hands on experience from implementation of different security tools and technologies, risk assessments, security solution analysis and implementation.|
The candidate’s seniority should allow him\her to manage distributed teams worldwide, implement best practices and single standards across all geographies (from design through to implementation).
Should be able to design, develop, implementation, and management of SIEM solution.
Experience of working with vendors as the Design Authority for the deployment of the SIEM solution to multiple countries
Education & Experience:
Security certifications such as CEH, CISM, CISSP etc would be an added advantage.
Extensive knowledge in Security risk assessment. Implementation of solutions.
Experience in Security audits, like SOX or similar.
Extensive work experience in SIEM tools and technologies This would require good knowledge of device configuration, implementation and troubleshooting critical issues.
Knowledge on end point security solutions like Antivirus (Symantec, McAfee etc.), HIDS, HIPS, Patch Management, and Log reviews.
Having good knowledge in vulnerability scanner configuration and administration also configuration and tuning of the log management / security event collection tools.
Good understanding and knowledge on Securing and hardening for windows, Unix/Linux operating systems.
|Задачи:||Management of security event and incident management solution, with specific focus on implementation for different countries|
Develop and Implement use cases for security event and incident management (leveraging SIEM solutions and other technologies) based on IBM Qradar
Validate and handover from implementations supplier all the operational manual, design, testing and full implementation documentation
Able to interact for any major technical issues and lead the discussion with the implementation partner in case of critical issues in fixing and trouble shouting
Identify technologies and solutions related to infrastructure and business applications that are to be monitored for security threat detection
Analyze and contextualize threat intelligence feeds (zero-day vulnerabilities, malware, etc.) and provide applicable solutions to implement protective controls and/or countermeasures
Perform analysis and identify opportunities tune and improve efficiency of SIEM, IDS/IPS, Malware detection technologies, and other technologies related to detecting emerging threats.
Good knowledge about process / metrics and controls. Ability to develop new process and reporting matrices as and when required.
Own security part during SOX audits, eliminate SOX report deviations (if any).
Direct report to Ericsson Program senior leaders.