Principal Engineer - SIEM | On-site, Bangalore
Location
Bangalore | India
Job description
The Principal SIEM Engineer works as a member of the Cyber OperationsTeam. The primary focusforthis role is to act as a Subject Matter Expert and be able to configure, manage, operate and administrate the platform for managed SIEM.
The successful candidate will possess deep technical knowledge on a number of security technologies to include cloud technologies (i.e. AWS, GCP, Azure) have a solid understanding of information security and networking, and extensive experience interacting with customers and is responsible for delivery of client specific SIEM management solutions. This position also serves as an escalation point for critical and complex client issues, performs configuration and testing of products, assists with developing and documenting work processes and trains other members of the team.
How You'll Make an Impact
- Subject matter expert for onboarding SIEM components for existing and newclients.
- Experience in a large enterprise environment, of analyzing security event data for attack patterns and understanding attacker tactics
- Experience in creating automated log correlations in a SIEM to identify anomalous and potentially malicious behavior
- Working experience with Threat intelligence teams to be able to interpret IOC's and use them efficiently for alerting.
- Experience using multiple online sources in order to identify new threats
- Understanding of monitoring devices such as firewalls, network and host-based intrusion detection systems, web applications, AV, WAF, Proxy and operating system logs
- Create technical documentation around the content deployed to the SIEM
- Ability to partner with anomaly detection and incident responders to improve data quality and reduce false positives.
- Ability to recognize patterns and inconsistencies that could indicate complex cyber-attacks
- Experience in developing SIEM correlation rules to detect new threats beyond current capabilities
- Manage appliance or virtual appliance OS and SIEM software.
- Create innovative solutions to automate and reduce timeframes for operational changes as well as the initial installation of the platform.
- Create rules for compliance and audit requirements and create and manage Watch Lists for current threats.
- Configure backups, verify custom reports, manage log source groups, and validate log sources with the client.
- Review and apply any newly available and applicable SIEM and/or appliance/virtual appliance software or policy updates monthly.
- Perform formal Health Check and administrative password change.
- Perform formal Architectural Review.
- Create custom rules/rule modifications and custom reports/ report modifications as needed.
- Manage SIEM user accounts (create, delete, modify, etc.).
- Add /Remove log sources. Troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.
- Manage product enhancement/feature requests with vendors as needed.
- Perform software upgrades, updates, and patches as needed.
- Create client-specific Watch Lists if necessary.
- Perform technical account management duties for specific top-tier, strategic clients.
- Responsible for major SIEM client environmental changes including upgrades.
- Create custom documentation for internal and external needs.
- Responsible for mentoring and training of SIEM Engineer II employees
- Attend vendor-specific meetings and conferences for business and professional development.
- Responsible for testing and configuring new products and technologies.
What we're looking for
- Bachelor of Science degree in Computer Science or related field is required
- 8+ years of experience in SIEM.
- Subject matter expert for onboarding SIEM components for existing and newclients.
- Experience in a large enterprise environment, of analyzing security event data for attack patterns and understanding attacker tactics
- Experience in creating automated log correlations in a SIEM to identify anomalous and potentially malicious behavior
- Working experience with Threat intelligence teams to be able to interpret IOC's and use them efficiently for alerting.
- Experience using multiple online sources in order to identify new threats
- Understanding of monitoring devices such as firewalls, network and host-based intrusion detection systems, web applications, AV, WAF, Proxy and operating system logs
- Create technical documentation around the content deployed to the SIEM
- Ability to partner with anomaly detection and incident responders to improve data quality and reduce false positives.
- Ability to recognize patterns and inconsistencies that could indicate complex cyber-attacks
- Experience in developing SIEM correlation rules to detect new threats beyond current capabilities
- Manage appliance or virtual appliance OS and SIEM software.
- Create innovative solutions to automate and reduce timeframes for operational changes as well as the initial installation of the platform.
- Create rules for compliance and audit requirements and create and manage Watch Lists for current threats.
- Configure backups, verify custom reports, manage log source groups, and validate log sources with the client.
- Review and apply any newly available and applicable SIEM and/or appliance/virtual appliance software or policy updates monthly.
- Perform formal Health Check and administrative password change.
- Perform formal Architectural Review.
- Create custom rules/rule modifications and custom reports/ report modifications as needed.
- Manage SIEM user accounts (create, delete, modify, etc.).
- Add /Remove log sources. Troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.
- Manage product enhancement/feature requests with vendors as needed.
- Perform software upgrades, updates, and patches as needed.
- Create client-specific Watch Lists if necessary.
- Perform technical account management duties for specific top-tier, strategic clients.
- Responsible for major SIEM client environmental changes including upgrades.
- Create custom documentation for internal and external needs.
- Responsible for mentoring and training of SIEM Engineer II employees
- Attend vendor-specific meetings and conferences for business and professional development.
- Responsible for testing and configuring new products and technologies.
- Assist with designing and documenting work processes within the SOC.
- The role demands the availability for US working hours (5PM (IST) to 3AM (IST))
- This role is Work From Office role .
If you are seeking a culture that supports growth, fosters success, and moves the industry forward, find your place at Optiv! As a market-leading provider of cyber security solutions, Optiv has the most comprehensive ecosystem of security products and partners to deliver unparalleled services. Our rich and successful history with our clients is based on trust, serving more than 12,000 clients of varying sizes and industries, including commercial, government, and education. We have the proven expertise to plan, build, and run successful security programs across Risk Management, Cyber Digital Transformation, Threat Management, Security Operations - Managed Services, and Identity and Data Management.
With Optiv you can expect
. A company committed to championing Diversity, Equality, and Inclusion through our Affinity groups including, Black Employee Network, Disabled Employee Network, Latino Employee Network, Optiv Pride (LGBTQIA+) , Veterans Support Network, and Women's Network.
. Work/life balance.
. Professional training resources
. Creative problem-solving and the ability to tackle unique, complex projects
. Volunteer Opportunities. 'Optiv Chips In' encourages employees to volunteer and engage with their teams and communities.
. The ability and technology necessary to productively work remote/from home (where applicable)
Job tags
Salary