Vacancy expired!
- The primary focus for this role is to act as a Subject Matter Expert for any SIEM & VM solution and be able to configure, manage, operate, and administrate the platform.
- Communicate and execute the required upgrades to the SIEM & VM platform to address bug fixes, compatibility issues, and enhancements, following the change management process.
- Recommendation and implementation of proactive measures to enhance accuracy and effectiveness of SIEM solution.
- Ensure that clear testing processes before production go-live are well documented, and handle general troubleshooting of the endpoint suite.
- Daily compliance check and proactively remediate any systems not reporting to SIEM solution.
- Analyze and assess security incidents and escalate to client resources or appropriate internal teams for additional assistance.
- Handling escalation from L1 & L2 analysts.
- Revise and develop processes to strengthen the current Security Operations Framework, review policies, and highlight the challenges in managing SLAs.
- Perform root cause analysis to quickly recover from service interruptions, and to prevent recurring problems.
- Design dashboard reports and queries that correctly display accurate data, and maintain maintenance and upgrade plans so that endpoint products are clearly defined and communicated.
- Strong knowledge of integrating cloud infrastructure such as AWS, Google Cloud Platform, and Azure with the SIEM.
- Configure backups, verify custom reports, manage log source groups, and validate log sources with the client.
- Establish and maintain operational SOPs for all responsible areas and technologies.
- Lead change, incident, and problem management for Devo, Exabeam and Qualys platform including creating change requests, incident Reports and Root Cause Analysis (RCA) reports.
- Monitor vendor SLAs, perform regular reviews with vendor management, and report to the client.
- Responsible for major SIEM client environmental changes including upgrades.
- Bachelor’s degree in computer science, information systems, computer engineering, system analysis, or a related field, or equivalent work experience.
- Industry-relevant certifications such as OSCP, CISA, CISSP, CCSP, CDPSE, ISSAP, SANS, or equivalent Information Security certifications are an added advantage.
- Platform Certification on Devo, Qualys and Exabeam will be an advantage.
- 10+ years of overall experience, with 5+ years as a Security Lead, including architecture design and deployment, investigation, and endpoint compliance.
- Strong understanding of security incident management, malware management, and vulnerability management processes.
- Hands-on experience on SIEM & VM tools like Devo, Qualys, Exabeam and Splunk.
- Working knowledge of PowerShell and/or Python.
- Strong experience designing, deploying, and maintaining EDR and DLP platforms on both Windows and Non-Windows systems.
- Experience in defining use cases for playbooks and runbooks.
- Should be comfortable handling major virus outbreak incidents and setting up prevention policies in endpoint security tools.
- Knowledge of industry standards and regulations such as ISO, NIST, PCI-DSS, PSD2, SOX, GDPR, MITRE CWE, and MITRE ATT&CK.
- Good understanding of ITIL processes, specifically Incident, Change, Problem, Service Request, and Escalation.
- Experience in understanding log types and log parsing.
- Experience in vulnerability assessment and penetration testing using industry-standard tools such as vulnerability scanners (e.g. Qualys, Nexpose, Tenable), Nmap, Burp Suite, ZAP, OWASP tools, Kali Linux tools, and fuzzing tools.
- Deep understanding of TCP/IP network protocols and understanding of network security and popular attack vectors.
- Strong foundation and in-depth technical knowledge in computer security, network security, cryptography, and/or similar fields.
- ID: #48849625
- State: Georgia
- City: Alpharetta
- ZIP code: 30004
- Country: USA
- Salary: Depends on Experience
- Job type: Contract
- Showed: 2023-01-27
- Deadline: 2023-03-27
- Category: Security