Company Size
Largescale / Global
Experience Required
6-8 years
Working Days
5 days/week
Office Location
Noida, Uttar Pradesh
Role & Responsibilities
- Devise a comprehensive log ingestion strategy
- Create meticulous and effective correlation rules
- Fine-tune log sources and correlation rules to improve detection quality and system efficiency
- Contribute to the development of detection strategies based on industry best practices
- Articulate a step-by-step process to ensure the ingestion of high-quality log sources
- Monitor and optimize log sources for optimal performance
- Serve as the subject matter expert (SME) in SIEM and SOAR correlation and log source ingestion
- Leverage in-depth knowledge of SIEM, SOAR and SOC practices to assess customer needs, provide tailored recommendations and assist in the formulation of effective security strategies
- Produce technical documentation detailing SIEM and SOAR aspects of the engagement
Ideal Candidate
- 6+ years of experience deploying and integrating SIEM platforms in enterprise to large-enterprise environments
- Deep expertise in log transformation and correlation of sources such as cloud, endpoint and firewall telemetry
- Coordinating and conducting event collection, log management, event management, compliance automation and identity monitoring activities using SIEM platforms
- Architect-level individual with experience in SIEM platforms (Splunk, NetWitness, QRadar, ArcSight, etc.). Candidates with QRadar experience will be preferred.
- Ability to perform Threat Hunting exercises from telemetry.
- Extensive experience in creating and developing correlation and detection rules within a SIEM to support alerting capabilities.
- Strong Regular Expression skills.
- A proven ability to offer suggestions on detection strategy based on customer requirements.
- Knowledge of security analysis and response across endpoint, network and cloud-based environments is a plus.
- Strong technical skills in SIEM / SOAR tools and technologies
- Experience in developing and implementing security strategies
- Experience in conducting security incident response
- Ability to define and design security controls based on NIST, CIS, CSA and other standards
- Certifications such as CISSP, CISM, GIAC or a SIEM vendor qualification would be a plus.
- Excellent communication and interpersonal skills.