Job Title: Consultant | Security Information and Event Management (SIEM) | Mumbai | Cyber Defense & Resilience
· Develop, test, and implement custom SIEM rules, correlation logic, and use cases to detect security threats.
· Continuously improve and tune existing detection content to reduce false positives and enhance detection accuracy.
· Build and maintain complex correlation rules, dashboards, and alerts tailored to organizational needs.
· Stay current with emerging threats and vulnerability trends, ensuring SIEM content is aligned with the latest threat intelligence.
· Knowledge of security concepts such as cyber-attacks and attacker techniques, threat vectors, risk management, incident management, etc.
· Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
· Active analysis on Security Vulnerabilities, Advisories, Incidents, and Attack techniques.
· Creating SIEM rules to fulfill requirements provided by customers in their security use cases.
· As SIEM administrator, maintain the client's SIEM appliance, ensuring that all devices in the SIEM deployment are working correctly, efficiently and at the required performance level.
· Inform the L3 team of proactive and reactive actions to minimise false positives.
· Identify risks to the infrastructure and execute the plan to reduce them.
· Drive end-to-end internal and external audits related to content management.
· Responsible for performing detailed investigation of security log events.
· Security Analysis using Industry standard tools and technologies.
· Prepare a detailed runbook for each use case as the basis for its SOAR playbook.
· Knowledge of device integration for log collection, including developing custom parsers to onboard unsupported log sources.
· Create security use cases and map each one to MITRE ATT&CK techniques and Cyber Kill Chain phases.
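As an added illustration of the duties listed above (custom parser for an unsupported log source, a correlation rule with a tuning knob against false positives, and the use case mapped to ATT&CK and Cyber Kill Chain phases), the following is example code written for this page, not part of the job description or any vendor SIEM. The log format, host name, user names and IP addresses are constructed for the example; the rule thresholds are assumptions. T1110 (Brute Force) and T1078 (Valid Accounts) are real ATT&CK technique IDs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed log format for a hypothetical VPN appliance the SIEM has no
# native parser for. Field names and sample lines are assumptions.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: result=(?P<result>FAIL|SUCCESS) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)(?: reason=(?P<reason>\S+))?$"
)


def parse_line(line):
    """Custom parser: map one raw line to normalised fields, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


# Detection content for one use case, with its ATT&CK and kill-chain mapping.
RULE = {
    "name": "Repeated authentication failures followed by success from one source",
    "threshold": 5,                   # failures needed before a later success is suspicious
    "window": timedelta(seconds=120),  # sliding window per source address
    "attack": ["T1110", "T1078"],      # Brute Force, Valid Accounts
    "kill_chain": "Exploitation",
}

# Tuning: known authorised scanner addresses that generate failures by design (constructed).
KNOWN_SCANNERS = frozenset({"198.51.100.9"})


def correlate(events, rule=RULE, allowlist=frozenset()):
    """Sliding-window correlation keyed on source IP; `allowlist` suppresses known-benign sources."""
    failures = defaultdict(deque)  # src -> deque of (timestamp, user) for recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if src in allowlist:
            continue
        q = failures[src]
        while q and ev["ts"] - q[0][0] > rule["window"]:  # expire failures outside the window
            q.popleft()
        if ev["result"] == "FAIL":
            q.append((ev["ts"], ev["user"]))
        elif ev["result"] == "SUCCESS" and len(q) >= rule["threshold"]:
            alerts.append({
                "rule": rule["name"],
                "src": src,
                "failures": len(q),
                "users_tried": sorted({u for _, u in q}),
                "compromised_user": ev["user"],
                "attack": rule["attack"],
                "kill_chain": rule["kill_chain"],
                "time": ev["ts"].isoformat(),
            })
            q.clear()  # one alert per burst, not one per subsequent success
    return alerts


def run(raw_lines, allowlist=frozenset()):
    """Parse then correlate; returns (alerts, number of lines the parser rejected)."""
    events, rejected = [], 0
    for line in raw_lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            rejected += 1  # unparsed lines should be counted, never silently dropped
        else:
            events.append(ev)
    return correlate(events, allowlist=allowlist), rejected


# Constructed sample: a real attacker (203.0.113.7), a normal user with two typos
# (192.0.2.5), an authorised scanner (198.51.100.9) and one line in another format.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z vpn-gw01 auth: result=FAIL user=alice src=203.0.113.7 reason=bad_password
2024-05-01T10:00:05Z vpn-gw01 auth: result=FAIL user=alice src=203.0.113.7 reason=bad_password
2024-05-01T10:00:09Z vpn-gw01 auth: result=FAIL user=bob src=203.0.113.7 reason=bad_password
2024-05-01T10:00:14Z vpn-gw01 auth: result=FAIL user=bob src=203.0.113.7 reason=bad_password
2024-05-01T10:00:20Z vpn-gw01 auth: result=FAIL user=carol src=203.0.113.7 reason=bad_password
2024-05-01T10:00:27Z vpn-gw01 auth: result=FAIL user=carol src=203.0.113.7 reason=bad_password
2024-05-01T10:00:40Z vpn-gw01 auth: result=SUCCESS user=carol src=203.0.113.7
2024-05-01T10:01:00Z vpn-gw01 auth: result=FAIL user=dave src=192.0.2.5 reason=bad_password
2024-05-01T10:01:10Z vpn-gw01 auth: result=FAIL user=dave src=192.0.2.5 reason=bad_password
2024-05-01T10:01:20Z vpn-gw01 auth: result=SUCCESS user=dave src=192.0.2.5
2024-05-01T10:02:00Z vpn-gw01 auth: result=FAIL user=svc-scan src=198.51.100.9 reason=bad_password
2024-05-01T10:02:05Z vpn-gw01 auth: result=FAIL user=svc-scan src=198.51.100.9 reason=bad_password
2024-05-01T10:02:10Z vpn-gw01 auth: result=FAIL user=svc-scan src=198.51.100.9 reason=bad_password
2024-05-01T10:02:15Z vpn-gw01 auth: result=FAIL user=svc-scan src=198.51.100.9 reason=bad_password
2024-05-01T10:02:20Z vpn-gw01 auth: result=FAIL user=svc-scan src=198.51.100.9 reason=bad_password
2024-05-01T10:02:30Z vpn-gw01 auth: result=SUCCESS user=svc-scan src=198.51.100.9
2024-05-01T10:05:00Z vpn-gw01 heartbeat: uptime=12345
"""

if __name__ == "__main__":
    untuned, rejected = run(SAMPLE_LOGS.splitlines())
    tuned, _ = run(SAMPLE_LOGS.splitlines(), allowlist=KNOWN_SCANNERS)
    print(f"rejected lines: {rejected}")
    print("before tuning:", [a["src"] for a in untuned])
    print("after tuning: ", [a["src"] for a in tuned])
    for a in tuned:
        print(a)
```

Run as-is, the untuned rule fires twice (attacker and scanner); adding the scanner to the allowlist leaves only the true positive, which is the kind of false-positive reduction the tuning duty refers to. The rejected-line counter is the check a SIEM administrator wants on a custom parser: a rising count means the source format changed and the use case has gone blind.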