T&T-Cyber-D&R-SIEM Content Management-AM

Assistant Manager

We are seeking a skilled and proactive SIEM Content Management Specialist to join our security operations team. The ideal candidate will be responsible for designing, implementing, and managing custom SIEM content that supports the organization's security monitoring and threat detection capabilities. You will play a key role in ensuring that our SIEM system is optimized to detect, analyze, and respond to potential security threats effectively and efficiently.

Desired qualifications

• Experience required 4-6 Years
• Certification's requirementssuch as CISSP, CISM,CEH or any other relevant certificate.

Your role as a Assistant Manager

We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society.

In addition to living our purpose, Senior Executive across our organization must strive to be:

• Develop, test, and implement custom SIEM rules, correlation logic, and use cases to detect security threats.
• Continuously improve and tune existing detection content to reduce false positives and enhance detection accuracy.
• Build and maintain complex correlation rules, dashboards, and alerts tailored to organizational needs.
• Stay current with emerging threats and vulnerability trends, ensuring SIEM content is aligned with the latest threat intelligence.
• Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
• Active analysis on Security Vulnerabilities, Advisories, Incidents, and Attack techniques.
• Creating SIEM rules to fulfill requirements provided by customers in their security use cases.
• SIEM Administrator is responsible for maintaining client's SIEM appliance by making sure all SIEM deployment devices are working properly, efficiently and with desired performance.
• Inform L3 team of proactive and reactive actions to minimize false positives
• Identifying the risk for Infrastructure and executing the plan to reduce the risk.
• Driving End to End Internal and External Audits related tocontent management.
• Responsible to Perform detailed investigation on security log data events.
• Security Analysis using Industry standard tools and technologies.
• Preparing detailedrun book for each Use casefor creating theSOAR playbook
• Active analysis on Security Vulnerabilities, Advisories, Incidents, and Attack techniques.
• Have knowledge in device integration for log collection and developing custom parser for unsupported log source integration.
• Creating security Use cases and mapping it line to MITRE ATTACK and Cyber Kill Chain phases.