Key Responsibilities:
• Administration and management support of CrowdStrike Next-Gen SIEM/EDR
• Perform threat research and threat hunting to identify emerging tactics, techniques, and procedures (TTPs) and build detection requirements using an intelligence-driven approach
• Develop, test, and deploy actionable, high-fidelity CrowdStrike Next-Gen SIEM detection rules
• Collaborate with Security Analysts to create triage and response playbooks for actionable, high-fidelity detections
• Collaborate with SIEM architects to develop and define best practices for parsing data and normalizing it to a common event schema
• Build and maintain utilities and tools that enable the managed services team to operate quickly and at large scale
• Analyse data from various sources within the enterprise, such as logs or packet captures, and draw conclusions about past and future security incidents
• Develop and maintain processes and documentation
Key Responsibilities:
• Architecting and designing Next-Gen SIEM/EDR
• Act as the subject matter expert on any of the above solutions for the customer, using the solution's capabilities in the daily operational work for the end customer
• Advise customers on best practices and use cases for applying the solution to achieve their end-state requirements
• Content development (use case development), including developing processes for automated security event monitoring and alerting together with corresponding event response plans for systems
• Work with the wider delivery teams and the customer to create SOC playbooks covering the SIEM and SOC setup
• Create and configure SOAR workflows
• Configure correlation searches and alerting, including tuning alerts to reduce false positives
• Act as the SME for SIEM deployment and configuration, assisting delivery teams with the ingestion of data sources (AWS/Qualys) into the SIEM
• Assist teams with the implementation of SIEM alerts into Jira to track and manage alerts
• Assist with the setup and configuration of SIEM severity priorities in line with SLAs across the SIEM, SOAR and Jira
• Create and configure dashboards that can be used for reporting and incident response

Skills Required

Skills and Qualifications:
• B. Tech./B.E. with sound technical skills
• Strong command of verbal and written English
• Demonstrated technical acumen and critical thinking abilities
• Strong interpersonal and presentation skills
• Minimum 10+ years of hands-on experience operating/implementing the above security tools
• Certification in any of the SIEM platforms is a plus