SOC Engineering Lead

Job Purpose and Key Responsibilities:

• Handle different EDR and XDR tools.
• Lead the deployment and implementation of SIEM solutions, ensuring they meet organizational security requirements.
• Integrate various log sources into the SIEM platform, ensuring comprehensive data collection and analysis.
• Performing updates and patches to SIEM Systems and ensuring system scalability and availability.
• Integrating SIEM with other security tools and ensuring seamless dataflow and interoperability
• Document configurations, processes, and procedures related to the SIEM platform to ensure clarity and consistency.
• Creating dashboards and custom reports for metrics and health monitoring.
• Ensure the SIEM platform complies with relevant security standards and regulations
• Troubleshoot log collection and integration problems
• Monitor the performance of the SIEM platform, identifying and resolving any issues that arise.

Primary Role & Responsibilities:

• Deep understanding of cybersecurity principles, threats and mitigation techniques.
• Strong skills in analyzing security data and logs to identify patterns and anomalies.
• Strong understanding of log collection, normalization and analysis.
• Understanding of SIEM architectures and deployment scenarios.
• Experience integrating SIEM with various log sources and security tools.
• Hands-on experience installing and configuring SIEM solutions.
• Ability to gather and understand Security requirements for use case/detection rule creation.
• Expertise in creating and modifying detection rules, correlation rules and alerting mechanisms.
• Skills in fine-tuning and optimizing use cases/detection rules for performance and accuracy.
• Expertise with developing Detection rules on SIEM platforms such as Microsoft Sentinel, Sumo Logic, Google Chronicle.
• In-depth knowledge of each phase of the Cyber Incident Response life cycle
• Expertise in Operating Systems (Windows/Linux) operations and Networking technologies.
• Familiarity with Cyber Kill Chain and MITRE ATT&CK Framework and how to leverage in Security Operations
• Ability to recognize suspicious activity/events, common attacker TTPs, perform logical analysis and research to determine root cause and scope of Incidents
• In-depth knowledge of one or more SIEM Platforms like Microsoft Sentinel, SumoLogic, Google Chronicle.
• Strong troubleshooting skills to resolve issues related to SIEM deployment and operation.
• Experience with databases like SQL, NoSQL and understanding data structures Experience implementing ETL solutions to work with Log ingestion into SIEM, Such as Cribl or Logstash

Key Skills, Experience & Knowledge:

• Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field; advanced degree preferred.
• Handle different EDR and XDR tools.
• 5+ years of experience in different SOC tools and in handling SIEM solution.
• Experience configuring SIEM platforms.
• Proficiency in various OS environments such as Windows, Linux and Unix.
• Ability to configure log sources, parse logs and understanding correlation rules.
• Familiarity with Cyber Kill Chain and MITRE ATT&CK Framework and how to leverage in Security Operations
• Familiarity with ETL solutions
• Understanding of network architecture and network security fundamentals.
• Proficiency in scripting languages (e.g., Python, Bash, Powershell)

Key Skills/Knowledge:

• Certified in Security +, Splunk Certified Phantom Admin, IBM Certified Deployment Professional, Cortex XSOAR Engineer, Azure Security Engineer or any other SOAR/ Cloud related Certifications.
• Understanding of the MAGMA use case framework.
• Experience of working with diverse teams and is a team player.
• Certified in Security +, Splunk Certified Phantom Admin, IBM Certified Deployment Professional, Cortex XSOAR Engineer, Azure Security Engineer or any other SOAR/ Cloud related Certifications.

Previous experience in a Security operations or similar environment.

Key Relationships & Contacts:

• Digital Leadership Team
• ICS Leadership Team
• Business Stakeholders
• Digital Programme/Portfolio Managers in all functions