About The Company
Tata Communications Redefines Connectivity with Innovation and IntelligenceDriving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications
- Responsible for managing customer queries related to all services and solutions delivered, including diagnosing, and resolving complex technical issues in Cloud & Security domain. The role acts as a conduit between customers and other teams such as engineering, architecture etc. for any issue resolution. This is an operational role, responsible for delivering results that have a direct impact on day-to-day operations and capable of instructing professional or technical staff and reviewing the quality of the work undertaken by these roles.
Responsibilities
- NG SIEM (SIEM+SOAR+UEBA) Tool Overall Administration, Management, Backup &
Archival, Troubleshooting
- Upgrade/Update/Patching/Backup/Archival of NG SIEM Solution
- Monitor NG SIEM Console & Dashboards and provide response & support to remote SOC
team for Incidents.
- Support the day-to-day operation of deployed NG SIEM (SIEM+SOAR+UEBA)
- Perform initial analysis for known issues and provide the appropriate recommendations
for closure.
- Monitor & Reporting of system components health and take necessary action in case of
any observed issue.
- Integration of NG SIEM with IS infrastructure (Existing/Future) but not limited to like IPS,
WAF, Patch Management, Firewall, Anti-APT solution, Antivirus, EDR, AD, ERP, DLP,
VMT, Exchange, SharePoint, Network Devices, Web Services, Custom applications etc. &also on respective version upgrade(s) . -(Continuous)
- Develop appropriate use cases/playbooks/models/reports and alerts & develop custom
parsers/connectors for integrating logs wherever necessary or required. L3 should have
a good command on Regex, Parser & Playbook creation. No separate charges will beprovided for Parser or Play book creation.
- Integration of SIEM/SOAR/UEBA Tool with security/non-security solutions based on
requirement & architecture and develop/modify appropriate use cases/rules,
playbooks/models, reports and alerts – (Continuous)
- Should provide real time situational awareness to the Client stakeholders.
- Use and apply learnings from incident and provide recommendation for standardizing the
NG SIEM (SIEM+SOAR+UEBA) Solution.
- Reduction of False Positives by fine tuning existing correlation
rules/configuration/playbooks/models
- Automation with continuous improvements, Reduction in MTTR, MTTD
- Develop and implement processes for interfacing with Operational teams and other
supporting teams.
- Ensure the NG SIEM (SIEM+SOAR+UEBA) integration is intact among the Client SOC
solutions, other assets
- Design, create and customize the dashboards/reports as per the Client requirements.
Customise & fine tune SIEM, SOAR, UEBA Dashboards.
- Ensure the necessary Client SOC documents like operating procedures, configuration
management, Low Level Design etc. are up to date with the changes made in their
respective areas.
- Automating Day to Day Tasks related with NG SIEM Operations (but not limited to)
- Above is illustrative list of general activities. All Technology specific activities Related to
NG SIEM to be carried out.
- Use and apply learnings from incident and provide recommendation for standardizing the
NG SIEM Solution.
- Support on boarding and maintenance of a wide variety of data sources to include various
OS, appliance, and application logs. Create Custom parser, queries, custom dashboards,
and visualizations
- Create and manage NG SIEM knowledge objects to include apps, dashboards, saved and
scheduled searches and alerts
- Support access requests and modifications and permissions
- Support troubleshooting and remediation of issues as they arise with data ingestion and
NG SIEM infrastructure
- Creating & updating all SOPs & support for fulfilling Audit requirements.
- Monitor & report on cyber threats and suggest any changes needed to protect the
organization in SIEM, Leading End-to-End Implementation of the suggested changes.
- Provide notification and communication with Incident management and respective
application team upon threat detection.
- Perform analysis on the reported incidents, determine the root cause, and recommend
the appropriate solution.
- Should have a very good understanding on MITRE att&ck & NIST framework.
- Work on Improvement of overall posture of NG SIEM deployment to achieve best return
on investment. Coordinate with Analyst team for finetuning & improving NG SIEM overall
utilization/usage & enriching security posture of ClientDesired Skill setsGood hands on and knowledge to manage SIEM - ArcSight (Micro focus) , SOAR+UEBA - ArcSight(Micro focus)
- Good knowledge on implementation, installation, integration troubleshooting and overall functionalities
- Experience in troubleshooting platform related issues, data backup, restoration, retention
- Maintains awareness of latest technologies in the domain
