Siem Administrator

As a SIEM Engineer you will be responsible for implementation and deployment of new SIEM projects; and managing and providing SIEM health and operational support, including supporting to architecture changes, tool deployments and advanced detection engineering.

ResponsibilitiesUnderstand SIEM product architecture.
Ensure up-time of SIEM components.
Perform daily SIEM Health Check & Availability monitoring.
Understanding logs, Log formats, identify appropriate information for Log parsing and SIEM rule creation, Log Source Review
Suggest logging levels and baseline log sources.
Understanding of Log sources such as Operating System, Database, Web servers, Security and Network Technologies
SIEM Content Development Keep a track of latest patches major version upgrades released by vendors.
Log Retention Define and manage the log retention for all integrated devices as per defined agreement.
Data Enrichment and asset modelling.
Custom integration – Develop parsers for non-supported log sources as per scope.
You will be closely working with Security Operations Center (SOC), Threat Intelligence, Threat Hunt, Automation and Orchestration teams to develop and operationalize meaningful security alerting and ensuring platform health and uptime.
SIEM (Cortex XSIAM\Splunk, Chronicle\Qradar\Micro Focus ArcSight\Microsoft Sentinel\LogRhythm\Nitro) configuration management, troubleshooting, addressing complex issues and day to day operations management.
Keep abreast of latest IT security, regulatory and compliance trends to support various risk\data models.
Ready to work in 24x7 rotational shift model including night shift.