The role includes, but is not limited to, responsibility for SIEM management, platform health, capacity management, technical processes and procedures, use case development, and content management. The successful candidate will be a member of the team responsible for SIEM platform operations, availability, enhancements, and capacity management.
- Current knowledge of security threats, solutions, security tools, and network technologies
- Knowledge and understanding of current and emerging SIEM practices and standards.
- Basic knowledge of Security Logging, Incident Response, Data Protection, Compliance Validation, Security Analytics, Vulnerability Management, and Platform and Application Threat Modelling
- Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
- In-depth experience and understanding of Security Event Management – both from a technology/tool as well as process perspective
- Demonstrated knowledge of TCP/IP networking and major protocols such as HTTP, SSL/TLS, DNS, SMTP
- Demonstrated experience and expertise with several of the following technology competencies: SIEM, vulnerability scanning and exploitation tools (Nexpose, Metasploit), File Integrity Monitoring, Data Loss Prevention, etc.
- Network stream analysis using PCAP data and packet reconstruction
- Knowledge of performing vulnerability assessments (VA) of servers, applications, and network/security/infrastructure devices at the defined frequency (at least annually)
- Strong knowledge of the OWASP Top 10 and SANS Top 25, and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, Insecure Direct Object Reference, clickjacking, buffer overflows, etc.
- Should be accustomed to researching the latest security best practices, reading up on new threats and vulnerabilities, and disseminating this information within the team as well as the wider organization