SIEM Skills
- Create, modify, and tune SIEM rules to adjust the specifications of alerts and incidents.
- Knowledge of integrating various log sources such as Windows, Linux, Palo Alto firewalls, AWS, etc.
- Provide continual correlation rule tuning, incident classification and prioritization recommendations.
- Report query adjustments and various other SIEM configuration activities.
- Ability to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources.
- Work closely with other teams on network, device, policy and connectivity issues, etc.
- Identify new opportunities/threats in the network to improve the security of the network.
- Monitor and administer enterprise log correlation (SIEM).
- Select, design, implement and manage security measures to reduce the risk of loss.
VM – Skills
- Collecting, analyzing, interpreting, evaluating, and integrating vulnerability data from multiple sources to update existing product content.
- Vulnerability/exploit research and creating signatures for the same.
- Handle customer escalations to identify false positives and false negatives.
- Actively investigate the latest security vulnerabilities, advisories and incidents, and provide insights (from sources such as Microsoft, Oracle, etc.).
- Troubleshooting security vulnerability issues/gaps that arise.
- Vulnerability data discovery and validation (data efficacy and accuracy).
- Develop, test and modify custom scripts for vulnerability content.
- Manually or automatically analyze newly published CVE information.
XDR - Skills
- Monitor and analyze threat hunting; deep investigation of Cortex XDR alerts, detections and incidents.
- Troubleshoot and configure Prevention Policies, Custom IOA Rule Groups, Detections Management, Exclusions, IOC Management, Firewall Policies, Firewall Rule Groups, USB Device Policies, Response Policies, Response Scripts & Files, Containment Policy, and Sensor Update Policies.
- Should be able to check and utilize all vulnerability features in Spotlight.
PAM - Skills
- Perform daily tasks that include reconciliation of servers, daily health checks of the PAM servers, running daily compliance reports, etc.
- Manage Privileged Session Management and associated policies.
- Create and manage Platforms, Policies and Safes for privileged IDs.
- Responsible for privileged user account administration for various platforms including Windows, UNIX, LDAP and databases.
- Manage service accounts, non-production accounts and test accounts within the vaults.
- Develop and maintain documentation for security systems and procedures.
- Reporting and metrics.
Management skills:
1. Analyze, investigate, lead and coordinate responses to complex, advanced security events and alerts; perform forensic analysis using the respective tools to understand the extent of compromise.
2. Monitor and analyze security threats, vulnerabilities and trends, utilizing threat intelligence to enhance detection and response capabilities.
3. Provide guidance, conduct trainings and support level 1 and level 2 SOC analysts.
4. Collaborate with and assist security engineers to deploy, develop, implement and manage security tools and architecture.
5. Work closely with IT and security teams to coordinate efforts.
6. Identify opportunities for improving security processes and technology.
7. Stay up to date on cybersecurity trends and threats.
8. Document security incidents, responses and related information in accordance with procedures.