Job Description
Responsibilities
ArcSight SIEM, EDR, AV, Email Security, CSPM, WAF administration and operation management
Ensuring availability of all SOC tools and ensuring ROI of investment in technology
Custom/unsupported devices integration with ArcSight SIEM and use cases creation.
Content creation on SIEM to cover all stages of MITRE.
EDR, CSPM, MDO policy fine-tuning.
Design, develop, monitor, adhere to various SLAs/KPIs/KRIs applicable to Security Operations Centre.
Creation of customized reports and dashboards for presentation to various stakeholders.
Identify and address technical or operational risks.
SIEM and other security platform performance and capacity management
Develop and maintain technology architecture cost and return on investment (ROI) models to assess architecture change.
Should be able to perform analysis of logs from various devices and develop use cases considering evolving threat landscape for anomaly detection.
Lead any module within Security Operations Center like Threat Hunting, Threat Intelligence, Content Management etc. to improve overall detection & response capabilities.
Well versed with logging standard development and device onboarding/log source integration of diversified devices including the ones not supported by SIEM OEM.
Should have clear understanding of MITRE framework and how to operationalize the same across multiple functions of SOC.
Handle 24*7 operations and support various SOC activities
Good Communication Skill and stakeholder management is imperative.
Qualifications
Educational qualifications:
Bachelor's degree relevant to Information Technology, Computer Science/Engineering (or equivalent).
Advanced certification desirable RHEL certified, ArcSight Admin, AZ-900, CISP, CCSP, AWS Certified Solution Architect Associate, Google Cloud Professional Security Engineer, Microsoft Certified: Azure Security Engineer Associate.
Experience
Minimum 5+ year of experience in Engineering Admin and overall, 10+ Years of experience in Cyber Security
Strong experience in ArcSight SIEM, EDR, CSPM architecture, administration.
Proven experience in assessing, designing, deploying, and operating SIEM platforms.
Expertise in SIEM use cases creation.
Expertise in CSPM policy creation and fine-tuning.
Experience in defining best practices for optimized application and platform performance.
Demonstrated expertise in modifying configurations that improve SIEM performance.
Proficient in Kusto query language (KQL) and experienced in developing use cases.
Strong technical knowledge of Linux, Firewalls and Load Balancing principles.
Deep IT industry knowledge in specific areas related to Security like VM, AVM etc, Managed Security Services etc.
Can validate/evaluate if an information systems or operational architecture meets technical requirements and specifications.
Familiar with multiple architectural, development and operational methodologies.
