SIEM Developer

Macropace Technologies
Mumbai City Navi Mumbai
4 - 6 Years
Not Specified

Job Description

Role: SIEM Rule Developer
- 5+ years of technical experience working in a SOC and in cyber security incident response.
- 4+ years of experience in SIEM administration and integration.
- Experience with one or more Security Information and Event Management (SIEM) solutions (such as McAfee, LogLogic, Splunk, QRadar, ArcSight).
- In-depth understanding of security threats (preferably the OWASP Top 10 vulnerabilities), threat attack methods and the current threat environment.
- Understanding of common attacks (e.g. brute force, SYN flood, session hijacking, smurf, etc.) and their SIEM signatures.
- Experience in security monitoring, Incident Response (IR), security tool configuration and security remediation.
- Must have excellent troubleshooting and analytical skills. Must be able to clearly articulate and propose security solutions in business terms. Must be able to multitask in a fast-paced environment.
- Understanding of network protocols (TCP/IP stack, SSL/TLS, IPsec, SMTP/IMAP, FTP, HTTP, etc.).
- Understanding of operating system, web server, database and security device (firewall/NIDS/NIPS) logs and log formats.
- Understanding of string parsing and regular expressions.
- Desirable software tool proficiency: McAfee SIEM, Wireshark, Nessus, tcpdump, Nikto, Outlook, etc.
Responsibilities:
- Development of parsers (regex based) and correlation rules to detect cyber-attacks and insider threats. Customization of default parsers.
- Development of trend analysis graphs for critical events based on event correlation.
- Ensure integration of the critical IT infrastructure of RJIL with the SIEM.
- Ensure precise data source configuration at the data source (DS) and SIEM appliance end to pull logs from different data sources such as OS, DB, application, web/file server and security devices (NIPS, firewall, HIPS, proxy, WAF), etc.
- Monitor the health status of SIEM appliances and troubleshoot network, storage, parsing and software configuration issues.
- Interact with the OEM team for support and closure of support issues.
- Develop SIEM playbooks and train the SOC monitoring team on SIEM correlation rules, parsers, raw packets and incident detection.
- Optimize SIEM performance by monitoring cache at the DS, ERC and ESM, storage pool utilization at the ELM, balancing overall EPS across multiple ERCs, and monitoring processes/services/queries running at the ERC, ESM and ACE vis-à-vis their CPU utilization, etc.
- Development and maintenance of an issue tracker with detailed RCA.
- Monitor and control SIEM access lists; develop backend customized reports as per the requirements of the SOC monitoring team.
- Prepare SIEM dashboards, Integration
