Job Openings Associate Engineer - Security Operations Center (SOC)

Role Summary

As an Associate Engineer working in the Security Operations Center (SOC), your primary focus will be on engineering and administering the SIEM, SOAR, Case Management, Threat Intelligence (TI) and other security platforms used by the SOC. You will be responsible for designing, implementing, and maintaining these infrastructures, as well as developing automation processes and tools to enhance SOC operations and incident response capabilities.

Job Description

  • SOC Technology Stack - Implementation and Deployment:
    - Design the architecture of the SIEM infrastructure based on organizational requirements and industry best practices.
    - Configure and deploy the SIEM platform, including setting up log sources, data connectors, and collectors.
    - Design and develop use cases and correlation rules to monitor and detect security incidents effectively.
    - Ensure the seamless integration of the SIEM platform with other security tools, such as vulnerability scanners and threat intelligence feeds.
    - Deploy security platforms required by the SOC.
    - Conduct POCs as per the Project Requirements.
  • SOC Technology Stack - Engineering and Administration:
    - Maintain and fine-tune the SIEM infrastructure to ensure optimal performance and scalability.
    - Collaborate with cross-functional teams to understand business requirements and translate them into SIEM use cases and rules.
    - Develop and customize correlation rules, alerts, and dashboards to effectively monitor and detect security incidents.
    - Manage log sources and data collection mechanisms, including log parsers, connectors, and agents.
    - Perform regular maintenance, upgrades, and patches to keep the systems up to date.
  • Technical Support and Troubleshooting:
    - Provide technical support and troubleshooting assistance for the SIEM platform and related systems.
    - Collaborate with vendors and support teams to resolve technical issues and ensure optimal performance.
    - Investigate and resolve issues related to log sources, data collection, and data quality within the SIEM platform.
    - Troubleshoot and rectify any issues that occur within the technology stack.
    - Provide technical support to internal/external teams to enhance security in the IT infrastructure.
  • Process Automation and Optimization:
    - Identify opportunities for process automation within the SOC, including incident triaging, alert enrichment, and response workflows.
    - Develop scripts, workflows, or tools to automate repetitive tasks and improve operational efficiency.
    - Streamline incident response procedures by creating playbooks and workflows that leverage automation capabilities.
    - Continuously evaluate and enhance SOC processes to align with industry best practices and improve incident response times.
  • SOC Technology Stack - Content Development and Maintenance:
    - Create and maintain SIEM content, including parsers, rules, reports, and dashboards.
    - Regularly review and update SIEM content based on emerging threats, vulnerabilities, and new log sources.
    - Collaborate with threat intelligence teams to incorporate actionable intelligence into the SIEM platform.
    - Conduct testing and validation of new SIEM content to ensure accuracy and effectiveness.
  • Documentation, Knowledge Transfer, Security Awareness and Training:
    - Conduct training sessions and knowledge sharing activities to educate SOC personnel on SIEM engineering, administration, automation techniques, SIEM usage, configuration, and best practices.
    - Collaborate with the security awareness team to develop and deliver training materials for SOC analysts related to SIEM usage and best practices.
    - Collaborate with the security awareness team to develop training materials and deliver sessions for Security Engineers on SIEM implementation and deployment, configuration and administration.
    - Create detailed documentation of the SIEM implementation, configuration, and deployment procedures.
    - Create technical proposals.
    - Review RFPs sent by clients and compile responses to them.

Person Specification

  • Bachelor's degree in Computer Science or Information Security.
  • 1+ years of industry experience.
  • Professional certifications related to SIEM Administration and Deployment.
  • Experience with the AWS and Azure cloud technology stack.
  • Strong understanding of Kusto Query Language (KQL).
  • Experience in SIEM engineering, administration, and content development, preferably with Microsoft Sentinel, FortiSIEM, or the ELK Stack.
  • Proficiency in scripting languages (e.g., Python, PowerShell, Bash) and infrastructure-as-code tools (e.g., Ansible, Terraform) to develop automation workflows and tools.
  • In-depth knowledge of log management, log analysis, and security event correlation concepts.
  • Familiarity with security technologies and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, Active Directory, and network monitoring solutions.
  • Strong knowledge of networking protocols, systems architecture, and security frameworks.
  • Experience with incident response processes and methodologies.
  • Excellent problem-solving, analytical thinking and troubleshooting skills.
  • Strong communication and collaboration skills to work effectively within cross-functional teams.
  • Candidates should hold one or more of the following Microsoft certifications: SC-200, MS-500, AZ-500, or SC-100.