Job Title: T&T | Cyber : D&R | AM | SIEM | Mumbai
• Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
• Active analysis on Security Vulnerabilities, Advisories, Incidents, and Attack techniques.
• Tuning the SIEM rules to remediate false positive security alerts.
• Creating SIEM rules to fulfill requirements provided by customers in their security use cases.
• The SIEM Administrator is responsible for maintaining the client's SIEM appliance, making sure all devices in the SIEM deployment are working properly, efficiently and with the desired performance.
• Inform the L3 team of proactive and reactive actions to minimize false positives.
• Identifying the risk for Infrastructure and executing the plan to reduce the risk.
• Driving End to End Internal and External Audits for Security infrastructure.
• Responsible for performing detailed investigation of security log events through the SIEM console.
• Security Analysis using Industry standard tools and technologies.
• Preparing a detailed run book for each use case for creating the SOAR playbook.
• Knowledge of device integration for log collection and of developing custom parsers for integrating unsupported log sources.
• Creating security use cases and mapping them to MITRE ATT&CK techniques and Cyber Kill Chain phases.
Certification requirements: IBM QRadar Administration / CEH / any cloud administration certification