Posted: 2 weeks ago
Work from Office
Full Time
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and the transition to cloud security-managed operations.
Must-have skills: Google Chronicle SIEM
Good-to-have skills: NA
Minimum experience: 5 year(s)
Educational Qualification: 15 years full-time education

Summary:
The SIEM SME leads the architectural design, specification, and maintenance of Splunk/Google Chronicle Security products and services. Candidates must have backgrounds in network planning and design, implementation, and operations. SIEM SMEs apply business and technology skills with structured methodologies to deliver complex solutions to the customer.

Roles & Responsibilities:
- Analyze potential infrastructure security incidents to determine whether an incident qualifies as a legitimate security breach
- Perform network incident investigations, determining the cause of the security incident and preserving evidence for potential legal action
- Interface with technical personnel and other teams as required
- Make recommendations on the appropriate corrective action for incidents
- Configure and manage infrastructure security and SIEM solutions
- Design, develop, and create correlation rules within the Security Information and Event Management (SIEM) platform
- Monitor devices and correlation tools for potential threats
- Initiate the escalation procedure to counteract potential threats and vulnerabilities
- Experience building and maintaining security incident correlation content (hands-on)
- Experience with reverse engineering tools and techniques as they pertain to network traffic collection and analysis
- Operational knowledge of system and network security engineering best practices and architecture
- Willingness to engage hands-on from inception through completion and audit of SIEM deployments
- Provide guidance and insight, and follow directives as necessary, to complete accelerated deployment of the SIEMs
- Capable and willing to integrate multiple production security controls into the SIEM platform
- Appropriately inform and advise management on incidents and incident prevention
- Encourage and implement continuous improvement measures on a day-to-day basis
- Leverage extensive knowledge of communications in a manner that provides business value to the IT organization
- Identify, assess, and resolve complex issues and problems within own area of responsibility
- Provide incident remediation and prevention documentation
- Document and conform to processes related to security monitoring
- Participate in knowledge sharing with other analysts and develop solutions efficiently
- Coordinate or participate in individual or team projects
- Write technical articles for the internal knowledge base
- Provide performance metrics as necessary
- Develop and optimize technical processes and coordinate procedure documentation

Professional & Technical Skills:
- Must have working experience in Google Chronicle SIEM/SOAR as an SME
- At least 8+ years of experience in Information Security, Risk Management, Infrastructure Security, and Compliance
- Security device installation, configuration, and troubleshooting (e.g., firewall, IDS, etc.)
- Hands-on experience supporting AWS and Azure assets, especially supporting Splunk deployments in AWS and Splunk ES as a service
- Experience deploying different types of forwarders and apps
- Deep knowledge of AWS services and serverless architecture
- Expertise in UNIX, Linux, and Windows; able to tear down and rebuild a host system
- Experience with database installation and configuration is required; Oracle experience is a plus
- Exploit and detection analysis skills, including the ability to analyze logs for useful information and patterns
- Install, configure, tune, and maintain the Splunk SIEM components
- Primary focus on content creation for advanced threat analysis (rules, variables, trending, watch lists, etc.) of incoming data and for self-monitoring of the solution itself
- Perform supporting tasks such as system hardening, high-availability configuration, and developing backup strategies
- Assist with the creation of detailed deployment plans, architectural drawings, and operation manuals
- Assist with event source auditing configuration and integration with various security platforms, network devices, and systems
- Expert in the development of regular expressions (regex)
- Good understanding of infrastructure security and its impact on security operations, vulnerabilities, reporting, analytics, and monitoring
- Good understanding of and experience with infrastructure security, risk assessment, and Security Information and Event Management
- Solid understanding of frameworks such as ISO 27001/27002 and COBIT, and of compliance regimes such as PCI, HIPAA, SOX, FISMA, and others that are relevant to Security Information and Event Management
- Experience working in a diversified, virtual environment
- Administrative tool development and maintenance
- Desirable: certifications such as CISSP, ITIL, CISA, CISM, and GIAC GCIA
- Desirable: advanced certification from a SIEM vendor on products such as HP ArcSight or RSA enVision

Additional Information:
Bachelor's degree or above in Computer Science, Information Technology, MIS, or Engineering.
Accenture