Senior Engineer - Platform Security - SOC

About the job

Job Description

  • SOC Technology Stack - Implementation and Deployment:
    • Design the architecture of the SIEM infrastructure based on organizational requirements and industry best practices.
    • Configure and deploy the SIEM platform, including setting up log sources, data connectors, and collectors.
    • Design and develop use cases and correlation rules to monitor and detect security incidents effectively.
    • Ensure the seamless integration of the SIEM platform with other security tools, such as vulnerability scanners and threat intelligence feeds.
    • Deploy security platforms required by the SOC.
    • Conduct POCs as per the Project Requirements.
  • SOC Technology Stack - Engineering and Administration:
    • Maintain and fine-tune the SIEM infrastructure to ensure optimal performance and scalability.
    • Collaborate with cross-functional teams to understand business requirements and translate them into SIEM use cases and rules.
    • Develop and customize correlation rules, alerts, and dashboards to effectively monitor and detect security incidents.
    • Manage log sources and data collection mechanisms, including log parsers, connectors, and agents.
    • Perform regular maintenance, upgrades, and patches to keep the systems up to date.
  • Technical Support and Troubleshooting:
    • Provide technical support and troubleshooting assistance for the SIEM platform and related systems.
    • Collaborate with vendors and support teams to resolve technical issues and ensure optimal performance.
    • Investigate and resolve issues related to log sources, data collection, and data quality within the SIEM platform.
    • Troubleshoot and rectify any issues that occur within the technology stack.
    • Provide technical support to internal/external teams to enhance security in the IT infrastructure.
  • Process Automation and Optimization:
    • Identify opportunities for process automation within the SOC, including incident triaging, alert enrichment, and response workflows.
    • Develop scripts, workflows, or tools to automate repetitive tasks and improve operational efficiency.
    • Streamline incident response procedures by creating playbooks and workflows that leverage automation capabilities.
    • Continuously evaluate and enhance SOC processes to align with industry best practices and improve incident response times.
  • SOC Technology Stack - Content Development and Maintenance:
    • Create and maintain SIEM content, including parsers, rules, reports, and dashboards.
    • Regularly review and update SIEM content based on emerging threats, vulnerabilities, and new log sources.
    • Collaborate with threat intelligence teams to incorporate actionable intelligence into the SIEM platform.
    • Conduct testing and validation of new SIEM content to ensure accuracy and effectiveness.
    • Conduct training sessions and knowledge sharing activities to educate SOC personnel on SIEM engineering, administration, automation techniques, SIEM usage, configuration, and best practices.
    • Collaborate with the security awareness team to develop and deliver training materials for SOC analysts related to SIEM usage and best practices.
    • Collaborate with the security awareness team to develop training materials and deliver sessions for Security Engineers on SIEM implementation and deployment, configuration, and administration.
    • Create detailed documentation of the SIEM implementation, configuration, and deployment procedures.

Person Specification

  • Bachelor's degree in Computer Science or Information Security.
  • Professional certifications related to SIEM Administration and Deployment.
  • Experience with the AWS and Azure cloud technology stack.
  • Strong experience in SIEM engineering, administration, and content development, preferably with industry-leading SIEM platforms such as Splunk, QRadar, LogRhythm, Microsoft Sentinel, or FortiSIEM.
  • Proficiency in scripting and automation tooling (e.g., Python, PowerShell, Bash, Ansible, Terraform) to develop automation workflows and tools.
  • In-depth knowledge of log management, log analysis, and security event correlation concepts.
  • Familiarity with security technologies and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, Active Directory, and network monitoring solutions.
  • Strong knowledge of networking protocols, systems architecture, and security frameworks.
  • Experience with incident response processes and methodologies.
  • Excellent problem-solving, analytical thinking, and troubleshooting skills.
  • Strong communication and collaboration skills to work effectively within cross-functional teams.
  • 2-3 years' relevant work experience.