To thrive in this role, you have:
· 4-6 years of experience managing and maintaining SIEM systems. (mandatory)
· Elastic experience preferred.
· SIEM administration and integration.
o Syslog, agent-based collection and Windows Event Forwarding (WEF).
o Custom parser development using RegEx.
o Ability to create dashboards and reports.
o Experience in developing SIEM correlation rules to detect new threats beyond current capabilities.
o Working knowledge of threat intelligence to interpret IOCs and translate them into SIEM alerting.
· Working knowledge of PowerShell and/or Python.
· Experience with Linux and Unix operating systems.
· Ability to build custom automation playbooks.
· Ability to understand network architecture diagrams and build out use cases.
· Working knowledge of industry models such as the Cyber Kill Chain, the Diamond Model and the MITRE ATT&CK framework.
· Understanding of cloud security technologies within GCP/Azure/AWS.
· Ability to analyze different logs from various log sources within SIEM.
· Experience with User Behavior Analytics (Exabeam AA/Securonix).
Collaborative Skills:
· Ask questions. We want people who are open to learning and collaboration.
· Collaborate with the SOC Analysts in identifying use cases that leverage existing tools to enable automation and improve detection.
· Must have amazing documentation skills.
· Work well with vendors and be an effective part of a team.
· Responsible for mentoring and training junior staff in SIEM operations.
· Participate in an on-call rotation that provides 24/7 support.
A security certification is welcome but not required.