Roles & Responsibilities:
- Lead the implementation and maintenance of SIEM platforms to detect and respond to security incidents
- Collaborate with cross-functional teams to develop and implement security use cases, playbooks, and integrations
- Stay updated with the latest advancements in security technologies and best practices to ensure the security of enterprise systems and data
- Create/Modify SIEM/SOAR use cases, playbooks, dashboards and parsers
- Lead SIEM/SOAR build/implementation activities
- Provide recommendations and optimizations on SIEM and SOAR technologies to drive efficiencies and increase output
Open Positions:
- Security Delivery Specialist/Team Lead
- Security Delivery Associate Manager
- Security Delivery Manager
Professional & Technical Skills:
- Experience in security response and monitoring; has implemented at least one SIEM solution;
- Hands-on experience with port scanning and vulnerability scanning techniques;
- Strong ArcSight ESM and Splunk skills, with an end-to-end understanding of the technology;
- Strong understanding of security orchestration, automation and response (SOAR) technology;
- Implemented multiple SOAR playbooks/projects;
- Strong understanding of Correlation, Normalization, Parsing, and syslog formats and events in general;
- Strong understanding of SIEM and the required infrastructure;
- Strong understanding of SIEM concepts and best practices;
- Architect-level knowledge of the information security domain;
- Design, build or consulting experience with any of the leading SMR tools;
- Knowledge of standards and frameworks: CIS, COBIT, ISO/IEC 17799 and 27001, NIST SP 800-53, ITIL v2, HIPAA, FFIEC, NERC-CIP, PCI-DSS, OWASP
- Windows administration skills: application servers, web services, remote access, file and print services, server virtualization, Active Directory, performance monitoring, logs and alerts
- Network fundamentals: infrastructures such as VPN, LAN, WAN, wireless networks, network topologies, and access methods
- Network hardware such as switches, routers, and media types
- Network protocols and services such as the OSI model, IPv4, IPv6, name resolution, networking services, and TCP/IP
- Knowledgeable in user authentication, permissions, password policies, audit policies, encryption, and cryptography
- Knowledgeable in physical security, internet security, wireless security, and core security principles
- Strong understanding of security monitoring tools and technologies: SIEM platforms such as Splunk, IBM QRadar and Azure Sentinel, and SOAR platforms such as Demisto and Splunk Phantom