Responsibilities:
- Design, deploy, and maintain SIEM solutions
- Configure and fine-tune log sources, collectors, and agents
- Develop and implement use cases, correlation rules, and alerts
- Monitor and analyze security events and alerts generated by the SIEM system
- Investigate and respond to security incidents, performing root cause analysis and recommending corrective actions
- Conduct threat hunting activities to identify potential security risks
- Ensure comprehensive log collection and retention across various IT systems and applications
- Perform regular log analysis to identify and mitigate security threats
- Develop and maintain dashboards and reports for security metrics and trends
- Work closely with other IT and security teams to integrate SIEM with other security tools and processes
- Provide technical guidance and training to junior analysts and other team members
- Communicate effectively with stakeholders to report on security incidents and system performance
- Stay updated on the latest cybersecurity threats, trends, and technologies
- Recommend and implement improvements to the SIEM system and related processes
- Participate in security audits and assessments, ensuring compliance with industry standards and regulations
- SIEM Enhancement and Tuning:
- Review the SIEM logs for emerging threats and vulnerabilities, identifying areas for improvement in detection and correlation
- Rule and alert optimization: Fine-tune existing SIEM rules and alerts to minimize false positives and false negatives, ensuring efficient incident identification and response
- Log source management: Continuously integrate new log sources and optimize existing ones for efficient data collection and analysis
- Develop custom SIEM rules, dashboards, and reports to address specific SOC team requirements and security needs
- Monitor and optimize SIEM performance to ensure efficient resource utilization and timely incident detection
- Requirement gathering and analysis: Actively engage with the SOC team to understand their security monitoring needs and translate them into actionable SIEM configurations
- Generate regular reports on SIEM activity, security incidents, and tuning efforts, fostering clear communication with the SOC team
- Provide training to SOC analysts on SIEM usage, best practices, and newly implemented features
- Collaborate with the SOC team to identify and implement improvements to the overall security monitoring posture
- Escalation and Issue Management:
- Defined escalation procedures: Establish clear escalation procedures for high-priority incidents, ensuring timely communication and resolution
- Effectively communicate and collaborate with local IT support and security vendors to resolve escalated issues
- Track escalated issues through resolution, documenting steps taken and outcomes for future reference
- The SIEM Analyst will work on regular tuning and optimization of SIEM use cases, leading to more effective monitoring, reducing false positives, and ensuring accurate detections.
- The SIEM Analyst will work with the SOC team to add new use cases to monitor emerging threats and respond quickly to changes in attack patterns, ensuring proactive security coverage.
- The SIEM Analyst will work to ensure that NWS assets are continuously updated in the SIEM, allowing for accurate monitoring and early detection of potential security incidents involving critical assets.
- The SIEM Analyst will work on regularly updating the SIEM in response to changes in the NWS IT environment, ensuring continuous and comprehensive security coverage.
- The SIEM Analyst will provide updates and reports on SIEM system performance and improvements, ensuring that all stakeholders are informed about the system's current state and enhancements.
Requirements:
- Minimum of 5 years of experience in cybersecurity with a focus on SIEM technologies.
- Proven experience with LogRhythm SIEM platform.
- Certified LogRhythm Engineer (preferred).
- Hands-on experience with log management, threat detection, and incident response.