2. Must have hands-on experience working on SIEM implementation projects (any two of the below, in order of preference):
- LogRhythm
- FortiSIEM
- ArcSight
- Splunk/Securonix/Azure Sentinel
3. Experience in Installation, Configuration and Troubleshooting of various SIEM Components.
4. Experience in integrating supported and non-supported devices with SIEM.
5. Experience in custom parser development (regex-based and SQL-based).
6. Experience in SIEM Architecture design and distributed Architecture Implementation.
7. Experience in designing, implementing and fine-tuning SIEM use cases (cross-correlated use cases, threat-based use cases and MITRE-based use cases).
8. Experience in UEBA – integrations and use cases.
9. Experience working in a large team and customer facing role.
10. Experience deploying standard SOAR playbooks.
11. Knowledge of Python or PowerShell scripting and APIs.
12. Knowledge of various cloud components and their relevant functionality and logging (e.g. S3 Bucket, Event Hub, CloudTrail, CloudWatch etc.).
13. Should have OEM certifications in SIEM.
14. Security certifications – CEH, CompTIA Security+ or similar.
Roles and Responsibilities:
1. Engage with customers during the project lifecycle as technical SPOC and ensure the implementation is done smoothly.
2. Coordinate with internal and customer teams on technical requirements and issue resolution.
3. Work on device onboarding, use case creation and parser development that are part of the project scope and success criteria.
4. Technical SPOC for customer meetings, BRM sessions and other workshops held during the project lifecycle.
5. Work with the internal SOC team for successful handover of projects for SOC monitoring go-live.
6. Engage with cross-functional teams for integration of cloud log sources with SIEM.
7. Build project technical documentation, including HLD, LLD and other technical documents.
8. Adhere to project delivery processes and Tata Communications internal processes for successful project delivery.
9. Publish weekly and daily status updates to the customer and support the TPM in sending the weekly status reports.
10. Contribute to Threat Management practice development - SOPs, Developments, Automations etc.
11. Effectively collaborate with internal and external teams.
12. Support pre-sales for technical pointers and inputs.