
4 SIEM Management Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

5.0 - 9.0 years

4 - 7 Lacs

Hyderabad, Telangana, India

On-site

Technical Skills Required: Demonstrated experience with deploying and operating network security tools, including but not limited to IDS, firewalls, proxies and security gateways; Demonstrated experience supporting and managing Linux operating systems; Advanced level knowledge of TCP/IP networking concepts and protocols, advanced technical knowledge of network security; Good level knowledge of key network services and technologies and most common application protocols such as DNS, IPsec, HTTP/HTTPS; Demonstrated experience with conducting a threat and vulnerability management work program, including threat analysis, vulnerability scanning and remediation; Demonstrated ability to implement vulnerability mitigation at all levels of the OSI network model. Must be able to quantify the severity of discovered vulnerabilities and prioritize remediation efforts; Demonstrated experience using commercial vulnerability scanning tools. Ability to work with system and application owners to ensure remediation of discovered vulnerabilities and rectify any false positive conditions; Advanced knowledge of interpreted languages such as Perl, Python, PowerShell, or Bash in addition to compiled languages such as C; Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility.

Soft Skills Expertise: Demonstrates excellent interpersonal skills, including the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers; Demonstrated ability to listen and integrate ideas from diverse views, create partnerships and collaborate with others, advocate and influence, resolve conflicts constructively, and work effectively across boundaries even without active guidance from the management; Excellent communication skills, both written and verbal, including the capacity to communicate complex and technical issues in simple terms; Analytical skills required.

Posted 1 day ago


3.0 - 7.0 years

0 Lacs

Haryana

On-site

You will be providing tier two operational support and leading team efforts in resolving incidents and outages for information security technology and its dependencies on Public and Private Cloud computing environments, shared platforms, and operating systems for more than three of the following technologies: Malware Analysis, SIEM (Splunk), Software-defined (Cloud) Network Security, Endpoint Security Protection, and Data Loss Prevention. Your responsibilities will include ensuring the team's adherence to SOPs, providing training and performance monitoring for team members, and focusing on continuous process improvement for efficiency, including automation wherever applicable. You will also be conducting recurring assessments of all key SOC workflows to identify process deficiencies and improvement opportunities for staff. Additionally, you will be partnering with other technology teams to handle and respond to internal customer issues, conducting problem analysis, providing solutions for service level improvements, and ensuring timely remediation of security issues in accordance with corporate policies and standards. You will execute daily security technology administration functions, perform Root Cause Analysis (RCA) on applicable technology, and validate the quality of dashboards and alerts to suggest updates reflecting new threats and changes in the monitored environment. Furthermore, you will be supporting the Security Operations team in various technology projects and operational initiatives, working as part of a team to ensure that Guardian customers' data, technology platforms, and infrastructure are available and safeguarded from cyber threats. You will follow ITIL practices regarding incident, problem, and change management and stay up to date with emerging cyber threats, industry best practices, and applicable regulatory requirements.

Required qualifications for this role include being curious and having a desire to analyze anomalies, a passion for learning and growing in Cybersecurity, a customer-focused demeanor, and a minimum of 3 years of proven experience in building and operating security controls in at least two of the specified domains. You should also have an understanding of security architecture, operating and troubleshooting principles of Microsoft Windows and Linux operating systems, as well as experience in SIEM management, endpoint security, security incident handling, data loss prevention, and threat intelligence. Preferred qualifications include recognized Security Industry and Public Cloud IaaS certifications, familiarity with security industry standards and best practices, and experience with ITIL and incident, problem, change, and risk management. This position can be based in Chennai or Gurgaon.

Posted 5 days ago


6.0 - 9.0 years

6 - 9 Lacs

Hyderabad / Secunderabad, Telangana, India

On-site

Preferred Skill Set:
1. Deploy, configure, and maintain open-source security tools.
2. Experience with scripting languages such as Python or Bash.
3. Knowledge of IT infrastructure, networking, and security principles.
4. Experience with other monitoring and logging tools.
5. Understanding of cloud environments and integrations with Splunk.

Roles And Responsibilities: Install, configure, and maintain Splunk environments, including indexers, search heads, forwarders, and deployment servers. Monitor the health and performance of Splunk components and take proactive measures to ensure high availability and reliability. Plan and execute upgrades and patches to the Splunk environment. Onboard data from various sources, including logs, metrics, and events, ensuring data integrity and proper indexing. Create and manage data inputs, parsing rules, and data transformations. Implement and maintain data retention and archiving policies. Develop detection rules to support our SOC's alerting and response capabilities. Provide expert analytic investigative support to analysts for complex security incidents. Review security control measures, identify gaps in the security architecture, and implement improvements or enhancements as needed. Deploy, configure, and maintain open-source security tools such as Snort, OSSEC, Suricata, OpenVAS, Zeek, Metasploit, and others. Train and mentor junior team members on the use and administration of open-source security tools. Collaborate with IT and development teams to integrate security tools into the overall security architecture and workflows. Design, implement, and manage security measures for cloud environments (e.g., AWS, Azure, Google Cloud). Configure and manage cloud security tools and services, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) systems. Develop and enforce DLP policies and rules to prevent data breaches and unauthorized data transfers. Customize DLP policies to meet the organization's specific needs and regulatory requirements. Conduct regular reviews and updates of DLP policies in response to evolving threats and business changes.

Soft Skills: Excellent problem-solving and analytical skills. Strong communication and interpersonal skills. Ability to work independently and as part of a team. Attention to detail and a proactive approach to security issues.

Certification: Splunk Administrator, CEH, CCSP, CISSP

Posted 1 month ago


4.0 - 6.0 years

4 - 6 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Description: We are seeking a skilled SOC L2/L3 Professional to join our security operations team in India. The ideal candidate will be responsible for monitoring security incidents, conducting in-depth investigations, and implementing effective security measures to protect our organization from cyber threats.

Responsibilities: Monitor security alerts and incidents, analyze security breaches, and respond to security incidents. Conduct thorough investigations of security events and provide detailed reports to management. Collaborate with other teams to implement security measures and enhance overall security posture. Maintain and update documentation related to incident response and security processes. Provide mentorship and training to junior SOC team members.

Skills and Qualifications: 4-6 years of experience in a Security Operations Center (SOC) environment. Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent. Able to work shifts on a rotating basis for 24/7 support of clients. Experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc. Knowledge of Advanced Persistent Threats (APT) tactics, techniques and procedures. Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc. Understanding of common network infrastructure devices such as routers and switches. Understanding of basic networking protocols such as TCP/IP, DNS, HTTP. Basic knowledge in system security architecture and security solutions. Relevant certifications such as CISSP, CEH, CISM, or CompTIA Security+ are preferred.

Posted 1 month ago
