Job
Description
About The Role
Project Role :Security Architect
Project Role Description :Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills :Security Information and Event Management (SIEM)
Good to have skills :NA
Minimum 5 year(s) of experience is required
Educational Qualification :15 years full time education
Summary:The SIEM SME leads in architectural design, specification, and maintenance of Sentinel and/or Splunk Security products and services. Candidates must have backgrounds in network planning and design, implementation, and operations. SIEM SMEs apply business and technology skills with structured methodologies to deliver complex solutions to the customer
Roles & Responsibilities:
Analyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach Perform network incident investigations, determining the cause of the security incident and preserving evidence for potential legal action Interface with technical personnel and other teams as required Make recommendations on the appropriate corrective action for incidents Configure and manage Infrastructure Security and SIEM solutions. Design, develop and create correlation rules within the Security Information and Event Management (SIEM) platformMonitor devices and correlation tools for potential threatsInitiate escalation procedure to counteract potential threats/vulnerabilitiesExperience building and maintain security incident correlation content (hands-on) Experience with reverse engineering tools and techniques as it pertains to network traffic collection and analysis Operational knowledge of system and network security engineering best practices and architecture Willingness to engage "hands-on" from inception to complete and audit to SIEMs deployment Provide guidance and insight, as well as follow directives as necessary to complete accelerated deployment of the SIEMs Capable and willing to integrate multiple security control production into the SIEMs platform Appropriately inform and advise management on incidents and incident prevention Encourages and implement continuous improvement measures on day-to-day basis Leverages extensive knowledge of communications in a manner that provides business value to the IT Organization Required to identify, assess, and resolve complex issues/problems within own area of responsibility Provide Incident remediation and prevention documentationDocument and conform to processes related to security monitoringParticipate in knowledge sharing with other analysts and develop solutions efficientlyCoordinate or participate in individual or team projectsWrite technical articles for internal knowledge baseProvide performance metrics as necessaryDevelop and optimize technical processes and coordinate procedure documentation.
Professional & Technical Skills:
At least 8+ years of experience in Information Security, Risk Management, Infrastructure Security and ComplianceSecurity device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.) Hands on experience in supporting AWS and Azure Assets, especially supporting Sentinel and/or Splunk deployment in AWS/Sentinel and/or Splunk ES as a serviceExperience in deploying different type of forwarders and AppsDeep knowledge in AWS services and serverless architectureExpertise in UNIX, Linux, and Windows - able to tear down and rebuild a host system Experience with Database installation and configuration is required and Oracle experience is a plus Exploit and detection analysis skills, including ability to analyze logs for useful information and patternsInstall, configure, tune, and maintain the Sentinel and/or Splunk SIEM componentsPrimarily focus on content creation regarding advanced threat analysis (rules, variables, trending, watch lists, etc) of incoming data and for self-monitoring of the solution itself.Perform supporting tasks such as system hardening, high availability configurations, and developing backup strategies.Assist with the creation of detailed deployments plans, architectural drawings and operation manuals.Assist with event source auditing configurations, integration with various security platforms, network devices, and systems Expert in development of Regular Expression (REGEX) Good understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics and Monitoring.Good understanding and experiences with Infrastructure Security, Risk assessment and Security Information and Event Management.A solid understanding of frameworks such as ISO 27001/27002, COBIT, and other relevant compliance such PCI, HIPAA, SOX, FISMA, and others that are required for Security Information and Event Management.
Additional Information:A 15-year full time education is required.Bachelor's and above degree in Computer Science, Information & Technology, MIS, Engineering. Experience working in a diversified, virtual environment.Administrational tool development and maintenance.Desirable to have some certifications such as CISSP, ITIL, CISA, CISM and GIAC-GCIADesirable to have some advanced Certification from SIEM vendor on products such as HP ArcSight or RSA envision.
Qualification 15 years full time education
