Job Opening LogRhythm L2 Engineer

5 - 8 years

4.0 - 9.0 Lacs P.A.

Delhi NCR, Hyderabad, Mumbai (All Areas)

Posted: 2 months ago | Platform: Naukri

Skills Required

LogRhythm, ArcSight, SIEM

Work Mode

Hybrid

Job Type

Full Time

Job Description

Key Responsibilities:

Advanced Log Monitoring and Analysis:
- Conduct deeper analysis of security events and alerts generated by LogRhythm, correlating data across various sources to identify potential security threats.
- Perform advanced triage, classification, and root cause analysis of escalated security incidents.
- Utilize the LogRhythm SIEM platform to investigate complex security events, identifying patterns and relationships in logs that point to potential malicious activity.

Incident Escalation and Resolution:
- Take ownership of high-priority and complex security incidents, working closely with the Level 1 team to provide expertise and guidance.
- Engage with incident response teams to perform deeper forensic analysis and assist with the containment, mitigation, and recovery phases of security incidents.
- Document and communicate incident findings, ensuring a clear and concise record of the investigation and resolution process.

LogRhythm Platform Management:
- Manage and optimize the LogRhythm SIEM platform to ensure data collection, parsing, and normalization are functioning effectively.
- Develop and fine-tune correlation rules, detection use cases, and custom reports to improve detection capabilities and reduce false positives.
- Provide recommendations for system enhancements and adjustments based on findings from incidents or emerging threats.

Threat Intelligence Integration:
- Integrate and manage threat intelligence feeds within LogRhythm to enhance detection capabilities.
- Analyze and correlate threat intelligence data with internal security logs to identify external and internal threats in real time.

Security Tool Configuration and Tuning:
- Configure and tune security tools (firewalls, endpoint detection and response (EDR), intrusion detection/prevention systems (IDS/IPS)) to optimize integration with the LogRhythm platform.
- Work with the team to enhance detection rules and improve threat coverage based on new attack techniques and tactics (e.g., the MITRE ATT&CK framework).

Collaboration and Knowledge Sharing:
- Collaborate with the L1 team, senior engineers, and other stakeholders in the security operations lifecycle to ensure smooth and effective incident handling.
- Provide mentoring and training to junior engineers and analysts in best practices for incident response and SIEM platform usage.
- Participate in security operations meetings, helping to continuously refine and improve processes.

Reporting and Compliance:
- Assist in generating reports for security incident analysis, compliance audits, and management reviews.
- Support internal and external audits, providing data, logs, and documentation as needed.
- Help track security metrics and performance indicators to support security operations reporting.

Continuous Improvement and Research:
- Stay updated on the latest trends in cybersecurity threats, vulnerabilities, and defense mechanisms to enhance the team's capabilities.
- Suggest improvements to the security monitoring processes and help implement new detection technologies and methodologies.

Skills & Qualifications:

Technical Skills:
- Advanced proficiency with the LogRhythm SIEM platform (experience with other SIEM platforms such as Splunk, QRadar, or ArcSight is a plus).
- In-depth understanding of network protocols (TCP/IP, DNS, HTTP, etc.), security devices (firewalls, IDS/IPS, etc.), and endpoint security technologies (EDR, antivirus, etc.).
- Hands-on experience with log analysis, data correlation, and incident investigation.
- Familiarity with threat intelligence tools, data sources, and feeds.
- Strong understanding of security frameworks, including MITRE ATT&CK, NIST, and OWASP.

Experience:
- Minimum of 4–6 years of experience in cybersecurity, IT security operations, or incident response.
- Prior experience in a Security Operations Center (SOC) or handling security incidents in an enterprise environment.
- Experience with security monitoring, SIEM platform tuning, and threat detection engineering.

Soft Skills:
- Strong analytical, problem-solving, and troubleshooting skills.
- Excellent communication skills, with the ability to clearly explain complex technical concepts to both technical and non-technical stakeholders.
- Ability to work well under pressure and in a fast-paced environment, managing multiple tasks effectively.

Certifications (Preferred but not required):
- CompTIA Security+, CEH, or similar certifications.
- LogRhythm Certified Security Engineer or other relevant certifications.

Education:
- Bachelor of Technology in Computer Science, Information Security, or a related field, or equivalent work experience.
