Team Lead – SIEM Admin – Security Operations Centre
Head Cybersecurity Operations
Our Cyber Security Operation function works to continuously strengthen cyber security posture through research, threat simulations, threat hunting, and offensive security engagements. This position will be responsible for analyzing, designing, and developing commercially viable end-to-end technical solutions based on business needs. In support of these, the role will include developing advanced correlation rules, reports, and dashboards to detect emerging threats in SIEM & Cloud platforms.You will help design solutions for security problems, partner with service teams and other security stakeholders to ensure rapid adoption of solutions and mitigation of threats from beginning to end.
Roles and Responsibilities
Sentinel SIEM administration and operation management
Custom/unsupported devices integration with Sentinel SIEM and use cases creation
Content creation on SIEM to cover all stage of MITRE
Design, develop, monitor, adhere to various SLAs/KPIs/KRIs applicable to Security Operations Centre.
Creation of customized reports and dashboards for presentation to various stakeholders.
Identify and address technical or operational risks.
SIEM and other security platform performance and capacity management
Develop and maintain technology architecture cost and return on investment (ROI) models to assess architecture change.
Should be able to perform analysis of logs from various devices and develop use cases considering evolving threat landscape for anomaly detection.
Lead any module within Security Operations Center like Threat Hunting, Threat Intelligence, Content Management etc. to improve overall detection & response capabilities.
Well versed with logging standard development and device onboarding/log source integration of diversified devices including the ones not supported by SIEM OEM.
Should have clear understanding of MITRE framework and how to operationalize the same across multiple functions of SOC.
Handle 24*7 operations and support various SOC activities
Good Communication Skill and stakeholder management is imperative.
Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent).
Advanced certification desirable AZ-900, CISP, CCSP, AWS Certified Solution Architect – Associate, Google Cloud Professional Security Engineer, Microsoft Certified: Azure Security Engineer Associate.
Strong experience in Microsoft Sentinel architecture, administration.
Proven experience in assessing, designing, deploying, and operating SIEM platforms.
Expertise in SIEM use cases creation
Experience in defining best practices for optimized application and platform performance.
Demonstrated expertise in modifying configurations that improve SIEM performance.
Proficient in Kusto query language (KQL) and experienced in developing use cases.
Strong technical knowledge of Linux, Firewalls and Load Balancing principles.
Deep IT industry knowledge in specific areas related to Security like VM, AVM etc, Managed Security Services etc.
Can validate/evaluate if an information systems or operational architecture meets technical requirements and specifications.
Familiar with multiple architectural, development and operational methodologies.