SOC CSIRT-Solution Expert

Job Description

We're seeking a highly experienced and technically proficient SOC CSIRT - Solution Expert (L3) to join our team. This role demands extensive expertise in Security Information and Event Management (SIEM) solutions, particularly with QRadar, and a strong understanding of XSIAM/XDR. You'll be instrumental in managing critical security infrastructure, developing automation playbooks, and ensuring robust incident response capabilities. Key Responsibilities: SIEM Solution Management: Oversee SIEM management , including log source integration (ingestion parser selection) and custom DSM/parser development and maintenance . Develop and refine correlation rules within the SIEM to enhance threat detection. Possess and apply XSIAM / XDR global knowledge to optimize security operations. Proactively manage and address log source loss issues to maintain comprehensive visibility. CSIRT Infrastructure Management: Manage and secure environments across AWS and GCP cloud platforms . Administer and maintain both Windows and Linux systems crucial for CSIRT operations. Develop and maintain automation scripts, primarily in Python , with additional experience in Bash/PowerShell scripting . Utilize ITSM processes for efficient incident and change management. Automation Development: Develop sophisticated playbooks in XSIAM for automated threat response and orchestration. Develop effective playbooks in XSOAR for security orchestration, automation, and response. Reporting Management (Nice to Have): Utilize PowerBI for reporting on security metrics and incident trends. Required Skills & Experience: Total Years of Experience: 8+ Years Relevant Years of Experience: 5+ Years (L3 level) Mandatory Skills: Strong SIEM expertise, specifically with QRadar . In-depth XSIAM / XDR global knowledge . Proven experience in developing playbooks in XSIAM and XSOAR (minimum 5 years of relevant experience). Desired/Secondary Skills: Python, Bash, PowerShell scripting, AWS, GCP, Windows, Linux, ITSM process usage, PowerBI. Domain: Solution Expert - CSIRT_SOC