We are seeking a skilled SIEM Administrator to join our cybersecurity team. The ideal candidate will be responsible for managing and optimizing our SIEM solution, ensuring the security of our information systems by monitoring, detecting, and responding to security incidents.
Job Responsibilities:
The SIEM admin engineer should have experience with the following:
- SIEM administration (preferably the IBM QRadar SIEM solution)
- SIEM Installation and configuration of additional components if needed
- Adding Log sources to SIEM and developing custom integrations
- Monitoring Activities
- Use Case Development
- Develop Threat hunting SIEM rules for extended visibility
- Mapping use cases to different regulation frameworks such as MITRE, NIST 800-53 and CBE
- Tuning SIEM rules to minimize false positives
- Troubleshooting SIEM and following up on Tickets with support
- Engagement in SIEM upgrades and Enhancements
- Understand customer requirements for the SOC service and be able to position the offering.
- Ability to work independently with little or no supervision; results oriented.
- Able to execute instructions and to request clarification when needed.
- Sensitive to the needs, concerns, and feelings of others.
- Able to interact effectively with all levels of management.
- Working knowledge of Networking concepts (firewalls, DNS, IP addressing, SSL/TLS and certificates).
- Security solutions integration (including firewalls, EDR, SOAR, TIP, etc.) with the SIEM solution.
- Identify integration capabilities and best practices for each product.
Job Qualifications:
- Bachelor's degree in Computer Science, Cyber Security, Information Systems or Business Administration.
- Excellent written and verbal communication skills; ability to effectively coordinate multiple priorities in a dynamic environment; strong analytical and negotiating skills; excellent organization and interpersonal skills required.
- Knowledgeable in Windows Domain, network and multi-tier application architectures
- SIEM solution administration (preferably IBM QRadar).
- Security software countermeasures
- Persuasive with details and facts
- Ability to work both independently as well as part of a geographically dispersed integrated team
- Ability to balance multiple priorities in a fast-paced, highly collaborative, frequently changing, and sometimes ambiguous environment
- Knowledge of how to use network management tools and packet captures to resolve operational issues
- Familiarity with industry standard network management tools and common application traffic flow patterns in multi-tiered applications
- Expert knowledge in the following technologies:
  - Microsoft Active Directory Services
  - TCP/IP based networking principles
  - Microsoft / Linux operating systems
  - Firewalls and perimeter security
  - Proxies and load balancers
  - Intrusion Detection and Prevention Systems (IDS/IPS)