Cyber Security Engineer @ A V Immigration

Job Description

Job Summary Knowledge and hands-on experience of implementation and management SIEM, SOAR, NBAD, Threat intel ,and other Newgen SOC security products . Should have some coding, development experience The primary function of an L2 Analyst is to ensure that the SOC team is performing its functions as required and to trouble shoot problematic implementation, integration, incidents and events Act as subject matter expert and expert witness where required Hands-on experience in Google Chronicle or any similar product maintenance activities ,including patch upgrades and fine-tuning . Experience. in onboarding / offboarding devices, which includes Windows, Linux, VMs, and network devices. Solid knowledge of Windows / Linux/ Azure Job Responsibilities Candidate should be able to drive SIEM & SOC setup and define processes and procedures for seamless monitoring of security events. . Candidate should have 6 - 10yrs of experience in implementing SIEM & SOC solutions and should be able to work independently. Good experience on working on any one of the leading SIEM Solution providers - QRadar, Azure Sentinel , but Google chronicle would be preferred. Building out the custom alert framework based on log ingestion using SIEM solutions. Should have ability to create custom queries, event parsers Searching and Reporting capabilities with SIEM Tool and create custom dashboards. Demonstrable experience with raw log ingestion and verification from various data sources such as endpoints, network firewalls and switches, virtual infrastructure, servers, applications and cloud repositories Should be able to Create, modify and tune the SIEM rules using trigger alerts on anomalous activities or threat detections and send notifications to SOC team. Integration and troubleshooting of log sources. Proficient in incident response processes - detection, triage, incident analysis, remediation and reporting Should have worked on SOC implementations. In - depth knowledge of security concepts such as cyber - attacks and techniques, threat vectors, risk management, incident management and threat hunting is mandatory. Coordinate with and act as an authority to resolve incidents by working with other information security specialists to correlate threat assessment data. Analyse data, such as logs or packets captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents. Working knowledge of industry standard risk, governance and security standard methodologies Strong knowledge of Ansible or Python scripting, Linux CENTOS/ Red Hat operating system commands, file data storage, indexing, and searching. Goals and objectives Execute risk hunting activities Manage SOAR playbooks. Undertake forensic investigations. Act as subject matter expert and expert witness where required Review vulnerability assessment reports with the client and provide necessary recommendations. Configure and maintain vulnerability scanners policies and reports Conduct threat hunting exercises on SIEM and EDR platforms Perform threat intelligence analysis and investigations. Search on the dark web and use other platforms such as RF to identify intelligence indicators or threats for a specific client Create reports for threat intelligence as a service. Skills High-level understanding of TCP/IP protocol and OSI Seven Layer Model. Knowledge of security best practices and concepts. Knowledge of Windows and/or Unix-based systems/architectures and related security. Intermediate level of knowledge of LAN/WAN technologies. Must have a solid understanding of information technology and information security. * Certification in at least one industry leading SIEM product Experience with Security Information Event Management (SIEM) tools, creating advanced co-relation rules, administration of SIEM, system hardening, and Vulnerability Assessments Should have expertise on TCP/IP network traffic and event log analysis Knowledge and hands-on experience with IBM Qradar, Google chronicel or Sentinel or any SIEM tool Knowledge of ITIL disciplines such as Incident, Problem and Change Management Configuration and Troubleshooting experience on Checkpoint, Cisco, Fortigate, PaloAlto and Sonicwall firewalls would be an added advantage Knowledge and hands-on experience of implementation and management of IDS/IPS, Firewall, VPN, and other security products Primary Skills : Bachelor""s degree in a related field. 5+ years of experience security event analysis, incident response, or SIEM engineering Knowledge of various security methodologies and processes, and technical security solutions (firewall and intrusion detection systems). Knowledge of TCP/IP Protocols, network analysis, and network/security applications. Knowledge of common Internet protocols and applications. Familiarity using SIEM and other log aggregation and correlation tools Excellent written, verbal and presentation skills are required Strong analytical and organizational skills are essential and required Must be able to work autonomously as well as in team environments, often in stressful, high impact situations

Employement Category:

Employement Type: Full time
Industry: IT Services & Consulting
Role Category: IT Operations / EDP / MIS
Functional Area: Not Applicable
Role/Responsibilies: Cyber Security Engineer

+ View Contact

Keyskills:   CYBER SECURITY SECURITY NETWORK SECURITY FIREWALLS CCNA SIEM Windows Linux Azure QRadar Ansible TCPIP protocol ITIL IDSIPS VPN Checkpoint Fortigate SOAR NBAD Threat intel Google Chronicle Azure Sentinel Python scripting CENTOS Red Hat OSI Seven Layer Model LANWAN technologies Cisco PaloAlto Sonicwall