Siem Administrator - SSE / TL

3 - 7 years

10 - 20 Lacs

Posted: 9 hours ago | Platform: Naukri

Work Mode

Hybrid

Job Type

Full Time

Job Description

Required Details:

Experience: 3-9 Years

Location: Pune

Employment: Permanent Full Time

Mode: Hybrid

*** Looking for candidates who can join immediately, or within 20 days at most (September joiners) ***

Role & responsibilities

Job Summary
We're seeking a skilled and experienced SIEM Administrator to join our cybersecurity team. The ideal candidate will be responsible for the full lifecycle of our Security Information and Event Management (SIEM) platforms: the design, implementation, and maintenance of solutions that centralize and analyze security data from across our on-premises and cloud environments. You'll play a critical role in enhancing our threat detection capabilities, incident response processes, and overall security posture.

Responsibilities
* Platform Management: Administer and maintain our SIEM solutions, including Splunk, Azure Sentinel, and Google Chronicle. This involves managing instances, ensuring platform health, and applying updates and patches.

* Log Ingestion & Data Onboarding: Design and implement robust log collection strategies. Onboard new data sources from a variety of endpoints, servers, network devices, and applications, ensuring data is correctly parsed and normalized.

* Rule & Dashboard Development: Create, tune, and maintain custom correlation rules, alerts, and dashboards to detect threats and suspicious activity. Use query languages such as Splunk SPL, KQL (Kusto Query Language), and Google Chronicle's YARA-L to build effective detections.

* Incident Response Support: Collaborate with security analysts to investigate alerts and incidents. Provide technical expertise to troubleshoot data gaps and enrich security events for effective analysis.

* Cloud Security Expertise: Work with cloud environments such as AWS, Azure, and Google Cloud Platform (GCP) to integrate cloud-native logs and services into the SIEM. Understand cloud security logging best practices.

* EDR & SOAR Integration: Implement and manage integrations with Endpoint Detection and Response (EDR) solutions to enhance endpoint visibility. Configure and develop playbooks on Security Orchestration, Automation, and Response (SOAR) platforms to automate incident response workflows and reduce manual tasks.

* Documentation & Reporting: Maintain detailed documentation of SIEM configurations, data sources, and procedures. Generate security reports for management and compliance purposes.

* Automation: Use scripting languages such as Python or Bash to automate repetitive tasks and improve operational efficiency.

Preferred candidate profile

* Proven hands-on experience as a SIEM Administrator, specifically with Splunk, Azure Sentinel, or Google Chronicle.

* Strong knowledge of security concepts, including network protocols, attack vectors, and threat intelligence.

* Proficiency in creating complex queries and detection rules in SIEM platforms.

* Experience with cloud security and integrating logs from major cloud providers.

* Practical experience in implementing and integrating EDR and SOAR solutions.

* Problem-Solving: Strong troubleshooting and analytical skills with a keen eye for detail.

* Soft Skills: Excellent communication and teamwork abilities to collaborate with different teams, including security operations and IT.

If the above JD matches your profile, kindly share your resume with lakshmi.naidu@citiustech.com along with the details below:

Total Experience:

Relevant Experience in SIEM (Splunk):

Current CTC:

Expected CTC:

Notice Period:

Current location:

Are you available for a virtual interview on Saturday (13th Sep)?

Citiustech

IT Services and IT Consulting

Princeton NJ