SIEM Administrator/Content/usecase Developer

o Monitor health of SIEM components and create incidents to the support team for action.

o Create use cases to find the malicious activity in the infrastructure.

o Aware of current attacks and implement new use cases to avoid impact of prevailing attacks in cyber world.

o Create rules, reports, dashboards as per requirement

o Work with internal teams to obtain an in-depth understanding of security requirements in order to translate

them into policies, procedures, and plans.

o Analyzing new features and hot fixes released by SIEM and plan the upgrades as required

o Patch upgrades

o Overall Version upgrades to avail new features and enhancements

o Work with vendors to resolve SIEM component and infrastructure issue

o Trouble shooting log sources not reporting issues

SIEM Engineering:

o SIEM access control management (add, delete and audit)

o Ensure daily data and configuration backup and event retention period

o SIEM platform administration, Use case management, threat hunting.

o Onboarding log sources, writing custom parses, developing new Use cases, rules, correlations, dashboards

reports to meet the customer needs

o Design and document of SIEM Use Cases to meet the customer needs the threat landscape

o Work with SOC Leads to find opportunities in fine tuning the use cases, improving event Fidelity rate for

efficient security operations.

o Verification of data of log sources in the SIEM follow the Common Information Model (CIM)

o Establish robust KEDB SOPs for security events

o Offer consultative advice in security principles and best practices related to SIEM operations.

o Supporting SOAR platform, including related work in our SIEM.

o Manage an inventory of SOAR integrations that enable broader playbook creation

o Join forces with our SIEM, SOC, Threat Detection, and Incident Response teams to build high-impact

features, identify strategic cyber initiatives, and create response and detection processes, and playbooks.

o Log source integration, KQL queries and SIEM use case development, Scripting

o Develop custom content using advanced SPL/ KQL and data models or other network security tools to detect

threats and attacks against the department.

o Develop advanced alerting capabilities based on threat intelligence, post-incident findings, new threats, and

vulnerabilities

o Creating and implementing content in EDR, SIEM, and SOAR etc

o SNOW Engineering for security feeds.