Senior Security Engineer

Job Summary

Senior Security Engineer – Deployment and Content Development for Securonix (Next Generation SIEM Solution & UEBA).

Requirements

• Ability to effectively communicate and work with individuals from diverse backgrounds or cultures.
• Good understanding of Incident Management and Response
• Experience in security device management and SIEM
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Experience in threat management
• Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix
• Knowledge of applications, databases, middleware to address security threats against the same.
• Excellent communication skills
• Ability to handle high pressure situations with key stakeholders
• Good Analytical skills, Problem solving and Interpersonal skills
• Working knowledge and experience with MS office with proficiency in Excel and PowerPoint.

Professional Competencies

• Hands-on deployment of Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA) solutions
• At least 5+ years experience working in deploying and managing SIEM solutions like Securonix, Exabeam, Splunk, LogRhythm, AlienVault, ArcSight, QRadar and Nitro ESM
• At least 3+ years experience working in the field of Content development and worked for delivering and/or building content on Securonix, Splunk, AlienVault, ArcSight, QRadar, Nitro ESM
• Experience in developing custom parsers
• Solid networking fundamentals
• Solid experience with Linux/Unix operating environments (configuration and troubleshooting)
• Strong analytical skills to understand data and come up with use cases to enhance detection
• Strong understanding with information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, and cloud security tools
• Strong understanding of APT kill chain frameworks like MITRE, Lockheed Martin etc.
• Experience in Cyber Security technologies and concepts such as insider threat, malware, lateral movement, beaconing, ransomware, data theft, fraud
• Experience working with regular expressions and understanding of YARA rules
• Strong programming background with advanced skills in Java, MySQL, Hadoop is preferred.
• Experience in coding using Core Java and related technologies, scripting languages like Bash, Python etc.
• Experience in working with Hadoop/Relational databases/SQL queries.
• Proven skills in technical writing, verbal communications, consulting, and problem solving in a rapidly changing technical environment
• Proven experience being team-oriented and self-motivated, with a keen attention.

Job Duties

The following are the duties the employee can expect, but not limited to:

• Document SIEM implementation and deployment
• Create SIEM and SOC related operational documentation
• Integrate and share information with other analysts and other teams
• Provide threat and vulnerability analysis as well as security advisory services
• Perform regular health checks on SIEM infrastructure and data collection nodes
• Implement various security solutions as and when required
• Manage interactions with internal and external clients
• Support the SOC team and client in the incident response process
• Analyze and respond to previously undisclosed software and hardware vulnerabilities
• Perform data quality check on ingested data
• Troubleshoot and resolve data quality issues in the Securonix SIEM solution
• Manage SIEM backend infrastructure
• Develop content for Securonix Snypr platform for SIEM and UEBA modules
• Develop cyber threat models that can be utilized in the SIEM solution for threat detection based on inputs from the SOC team
• Manage day to day SIEM operational tasks
• Troubleshoot and resolve SIEM infrastructure related issues
• Perform root cause analysis, document findings and collaborate with technology/process owners to prevent future occurrences
• Participate in the documentation process to ensure accuracy of documentation critical to the team’s success
• Implement Securonix and other SIEM solutions
• Perform on-boarding of new clients
• Perform data ingestion from different log sources into the SIEM solution
• Troubleshoot and resolve data ingestion issues
• Assist with the development of new content and tuning existing content for SIEM, IDS, and other security technologies
• Interact with other IT personnel, sometimes of different nationalities.