SIEM Engineer - Expert
You join SOC as an Expert in SIEM (Security Information and Event Management).
The sub-function SOC Tier 1 and 2 monitors, collects and analyses security events information from the networks, systems, and critical applications at the client, detects and triages unusual or suspicious activity and provides real-time first and second-line security operations management services.
In your role as subject matter expert you are responsible for getting the logs on-boarded in the SIEM, and develop rules that generate the alerts monitored by the tier 1 function.
Additionally, you guide and coach your junior team members and safeguard the use case development and maintenance framework; this includes adhering to standards and keeping documentation up to date.
Cyber Threat Analysis & Response (CTAR) is part of the Group Security and Business Resilience division. The main responsibility of the team is to execute the Cyber Threat Management (CTM) capabilities, Security Operations Centre (SOC), and Cyber Incident & Response Team (CIRT). This includes cyber threat intelligence, vulnerability management, penetration testing, brand and digital footprint monitoring, security incident and event monitoring, cyber analytics, incident management and forensic analysis.
CTAR supports capabilities within the security domain and acts as subject matter expert across all divisions in the company, as well as interacting with external stakeholders, including customers, oversight bodies, threat intelligence providers, and third parties.
The Security Operations Centre (SOC) houses the information security team responsible for monitoring and analysing an organisation’s security posture on an ongoing basis. The SOC team’s goal is to provide 24x7x365 capabilities to detect, analyse, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. The SOC staff work closely with the Cyber Incident Response team (CIRT) to ensure security issues are addressed quickly upon discovery.
The SOC monitors and analyses activity on networks, servers, endpoints, databases, applications, websites, and other systems, looking for anomalous activity that could be indicative of a security incident or compromise.
- Keep abreast of evolving cyber threats and identify new and sophisticated methods of detecting them.
- Interact with customers to gather requirements and ensure the implementation of cyber security solutions.
- Responsible for the creation of procedures, runbooks, high-level/low-level documentation, implementation of processes and development of staff for managing and maintaining the SIEM and its components across internal and client environments.
- Guides junior engineers in supporting existing systems and initiatives.
- Responsible for configuration of current enterprise security log source types into the SIEM.
- Analyses and identifies areas of improvement with existing processes, procedures and documentation.
- Demonstrates how to use SIEM & Enterprise Security products to both technical/non-technical personnel.
- Experience in development and maintenance of SIEM use cases
- Experience in security device management and SIEM
- Strong knowledge of network security zones, firewall, IDS.
- Strong knowledge of log formats for syslog, HTTP logs, and DB logs
- Knowledge of Linux platforms
- Experience administering multiple security technologies (Firewalls, IDS/IPS, SIEM)
- Excellent English communication skills (written and oral)
- QRadar Certified
- Any other security certifications
- Good security mindset
- Sense of urgency and able to apply a risk-based approach to prioritize work
- Strong analytical skills
- Able to work autonomously
- Motivated to learn new technologies and come up with process improvements and efficiencies
- A team-focused mentality with ability to work & collaborate effectively in a team environment
- Reporting and continuous improvement mindset
- Project Management skills
- You have good influencing/persuasion skills, obtaining the approval of others with good arguments, appropriate influencing methods and a certain "natural authority" (persuasion)
- You examine matters from a distance and put them in a broader context and time perspective (vision)
- Good leadership and communication skills, whether in the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills.
- Capability to ensure confidentiality and discretion in performing sensitive tasks
- At ease in a fast changing environment, flexible and pragmatic, open-minded.