Summary:
The Security engineer will support the day to day Security application administration, operations and development activities of the bank security suite of products with key objective to maintain, develop and enhance the detection, prevention, response and monitoring capabilities of GSOC using SIEM Security Analytics platform and solutions
Key Responsibilities:
- Provide administration and operations end to end support to SIEM Security Analytics Platform and other security solutions related infrastructure deployed within the bank.
- Onboarding new log sources, enabling new use cases and supporting all existing use cases.
- Develop and support case management workflow, reports and dashboards.
- Manage and support the log management environment.
- Monitor SIEM internal logs to identify and resolve potential performance issues.
- Drive upgrades and migration to ensure solutions and or related platform are maintained in tip-top working conditions with proper documentation and RCA.
- Test and manage application functionalities, system and infrastructure changes, upgrades, enhancements, patches and troubleshooting.
- Work within established practices and handling guidelines to triage device outages.
- Available to respond to any requests and assist with troubleshooting activities along with proper documentation.
- Ability to understand of data generated by infrastructure and application across bank.
- Integrate data feeds into SIEM Solutions from on premise and cloud deployed devices and applications
- Automation development on existing data feed and contextual data so we get different data from various log feeds to one location.
- Manage and coordinate change & Incident process engagement with regards to current security solutions.
- Communicate effectively with a variety of internal teams and external contacts including technical and executive contacts.
Others:
- Normalization/Parsing the data/logs
- Experience with any insider threat tools
- Follow MIRTE ATT&CK framework and NIST methodology
- Conduct regression testing on existing use cases and future enhancement by adding more new use cases to protect the bank from sophisticated Cyber-attacks.
Requirement:
- ITC/Diploma/Degree in engineering/Computer Science / IT/Cyber Security from a recognized education institution
- Certified in leading SIEM administrator would be plus
- Professional security related qualification (e.g. SANS GCIA, GCIH etc.) will be favorable although not mandatory
Technical Skills
- Overall experience 8+ years of experience.
- 5+ years of relevant experience in the area for managing SIEM preferably Splunk/ArcSight
- Hands on experience in Advanced SIEM, Security Analytics solution, Linux and database (MySQL, Oracle/SQL)
- Very strong troubleshooting skills.
- Strong in providing operational support to any SIEM and other security platforms
- Strong knowledge in Syslog log management platform
- Experience in understanding end to end data flow
- Strong knowledge in understanding OS, Proxy, Network and other main-stream Infrastructure, Application, Access and Cloud logs.
- Strong Knowledge in developing custom parsers (regex) required for data ingestion for any infrastructure or application-based data feeds.
- Strong knowledge to optimize performance and outages related to SIEM Solutions.
- Experience in normalize and data preparation to clean the data
- Experience in Data/Device Integration and provide the data back to other platform.
- Knowledge with SOAR platform is an added advantage.
- Experience in Automation using any scripting languages like Python and Shell.
- Knowledge and hands-on experience on implementing Use Cases would be add-on.