Resident Engineer / Security Consultant

Scope of work:

• Focus on all technical aspects on Trellix products
• Interface to customer’s staff
• Familiarise with customer’s:

1. Processes and requirements
2. IT Security infrastructure, configurations, challenges and their staff’s strength and limitations

• Prompt resolution of issues

Operations activities will focus in the following areas:

• Configuration Management
• Release and Deployment Management
• Change Management
• Service Validation and Testing
• Event Management
• Incident Management
• Problem Management
• Knowledge Management
• Support & Assistance

Configuration Management:

Configuration Management activities are intended to ensure that Trellix components of the solution are identified, baselined, maintained, and existing configuration records are updated.

• Maintain information about the configuration items of the overall solution
• Configuration items may vary in complexity depending upon the component or product
• Identify, control, record, report, audit and verify configuration items including versions, baselines, components, attributes, and relationships between components of the solution.

Release and Deployment Management:

Release and Deployment Management activities will focus on developing, testing, and validating solution capabilities will meet stakeholder requirements.

• Minimize unpredicted impact on production services
• Use the development (Lab) environment for testing prior to production deployment
• Assist Customer/Partner Project Management with documentation of release and deployment timelines and schedules for phased production deployments

Change Management:

Change Management activities are intended to ensure that changes are recorded, evaluated, prioritized, planned, tested, implemented, documented and reviewed in a controlled manner. The Change Management process should be planned in conjunction with Release and Deployment Management.

• Evaluate solution requirements and changes
• Assess risks related to changes; seek advice of the team for impacts to other products within the solution
• Represent planned changes in Change Advisory Board meetings
• Implement changes to meet customer objectives

Service Validation and Testing:

Perform validation testing of the Trellix Security solution.

• Document a set of Trellix testing activities used to perform product or solution testing
• Work with other team members to perform system validation activities prior to production deployment
• Assist with application validation testing activities
• Assist with policies, fine-tuning the alarms, rules, parsers
• Assist with creation of custom parsers if required for non-supported data sources

Event Management:

Event Management monitors events that occur throughout the Trellix SIEM infrastructure. Activities will focus on monitoring normal operations to detect and escalate exception conditions.

• Review events
• Analyse events in the overall context of the solution
• Review event filtering
• Review dashboards
• Review use cases and ensure the implemented use cases are working as intended
• Reduce false positives while balancing false negatives
• Configure server notifications
• Review automatic responses
• Ensure the existing parsers in the environment work as intended

Incident Management:

Incident Management concentrates on restoring unexpectedly degraded or disrupted service to users as quickly as possible in order to minimize business impact.

• Configure Trellix ePO, SIEM, NSP for notifications
• Discuss current escalation practices and procedures

Problem Management:

Problem Management involves problem isolation, troubleshooting, and resolution. Activities related to root-cause analysis may be performed to determine and resolve the cause of incidents. Proactive activities to detect and prevent future problems are performed and reviewed with the customer.

• Assist with problem isolation efforts
• Seek advice within the team or escalate to Product Support for additional assistance
• Develop after action reports and root cause analysis documents
• Review the configuration of related components to proactively prevent additional or subsequent failures
• Isolate issues and assist with troubleshooting issues related to unknown events

Knowledge Management:

The ability to operate the solution rests to a significant extent on the ability of those involved to respond to circumstances based on their understanding of the situation, the options, consequences, and benefits.

• Brief stakeholders on events, issues, incidents and recommended corrective action plans
• Develop after action reports and root cause analysis documents
• Develop known error records
• Share and disseminate information within the team
• Reduce time and effort required to support and maintain solutions
• Reduce time to find information for diagnosis and remediating incidents and problems

Support & Assistance:

• Engage and manage incidents arising from product
• Work closely with Trellix Technical Support for resolution
• Develop action plans proactively to conduct health check and monitoring
• Assist with troubleshooting when required
• Develop known error records
• Share and disseminate information within the team
• Implementation of corrective actions or recommendations for Trellix Product Suite

Summary:

The Resident Engineer / Security Consultant(s) has to review, support the health check activities, planning of upgrade and planning migration of Trellix products installed at the customer site.