zodnik solutions

AVP-SIEM

Job Description

Position - AVP - SIEM Engineer

Must-have skill set - SIEM Engineer with hands-on Splunk and Cribl experience and strong scripting experience (Python, JavaScript, Ansible, etc.)

Experience - 10 to 15 years

Qualifications:

At least 7+ years of experience in technology with emphasis on cyber security.

At least 4+ years of experience in products such as Splunk, Cribl, 7AI, Torq, Elastic, Datadog, AWS CloudTrail, CloudWatch, Azure Event Hub, AWS S3, etc.

At least 2+ years of experience in Data Lake and data warehouse using products such as AWS S3, Snowflake, Databricks, etc.

Scripting experience (Python, JavaScript, Ansible, etc.) is highly preferred.

Experience in creating trending, metrics, and management reports

Experience working in complex and large-scale environments.

Familiar with industry security regulations and frameworks (MITRE ATT&CK Framework, CRI, etc.)

Knowledge of Common Information Model mapping is required

Working knowledge in RegEx, Search Processing Language (SPL), Kusto Query Language (KQL), etc. is required.

Experience working in financial services (top 10 banks preferred) with knowledge of regulations such as FFIEC and SOX, or in other highly regulated industries such as healthcare, utilities, or aerospace.

Knowledge and experience operating in hybrid-cloud environments.

Knowledge and experience with SIEM management solutions.

Knowledge of networking fundamentals (e.g. TCP/IP) and strong troubleshooting skills.

Knowledge of modern security principles and their practical applications.

Knowledge and experience in AWS or Azure

Responsibilities:

· Must be a technical expert on SIEM products (Splunk, Cribl, 7AI) and associated technology.

· Continuously research and identify opportunities to apply industry best practices and standards to improve our SIEM platforms. Engineer and implement various solutions on SIEM platforms as per business requirements.

· Define platform standards including data schema, modelling, normalization, monitoring and alerting that include SIEM products, AWS S3 and data warehouse products.

· Should have a good understanding of MITRE ATT&CK and CRI frameworks that include detection of security incidents and threat hunting by leveraging advanced security analytics.

· Must have experience building dashboards and reports as per requirements.

· Should have experience applying AI and ML to build modern SIEM and data-monitoring solutions.

· Must be able to configure SIEM products with different policies, rules and configurations.

· Must be able to customize SIEM solutions when out‑of‑the‑box functionality does not meet requirements. Define standard patterns to integrate different systems into SIEM platforms.

· Identify opportunities to enhance the current baseline processes and configuration.

· Develop clear engineering, integration, and process documentation, and produce a variety of SIEM‑based reports to support operational and security needs. Manage vendor relationships to drive roadmap, solution design, implementation and troubleshooting.

· Collaborate with key service stakeholders to ensure expectations are clearly understood and requirements are consistently met. Capable of conducting proofs of concept (POCs) for new features to develop and validate innovative solutions. Strong functional understanding of servers, middleware, cloud environments (SaaS, PaaS, IaaS), and containerized systems to determine the appropriate approach for SIEM integration. Lead proactive system-security reviews and self-assessments of policies, procedures and systems, including but not limited to distributed computer systems and Internet, Intranet, and Extranet networks.

· Ability to understand security risks and controls, to analyze various methods of controlling information security problems, determine the strengths and weaknesses of each method and implement the best cost-justified solution.

· Ability to provide technical directions to other peer staff members, and to train new staff on the security team.

Job ID: 146432019