Experience: 8+ Years
Role: Cyber Defense Engineer
Key Responsibilities:
· Provide end-to-end administration and operations support for the SIEM / security analytics platform and the infrastructure of other security solutions deployed within the bank.
· Onboard new log sources, enable new use cases and support all existing use cases.
· Develop and support case management workflows, reports and dashboards.
· Manage and support the log management environment.
· Monitor SIEM internal logs to identify and resolve potential performance issues.
· Drive upgrades and migrations so that the solutions and related platforms are kept in good working condition, with proper documentation and root cause analysis (RCA).
· Test and manage application functionality, system and infrastructure changes, upgrades, enhancements and patches, and troubleshoot issues.
· Work within established practices and handling guidelines to triage device outages.
· Be available to respond to requests and assist with troubleshooting, with proper documentation.
· Understand the data generated by infrastructure and applications across the bank.
· Integrate data feeds into the SIEM from on-premises and cloud-deployed devices and applications.
· Develop automation over existing data feeds and contextual data so that data from various log feeds is consolidated in one location.
· Manage and coordinate change and incident process engagement for the current security solutions.
· Communicate effectively with a variety of internal teams and external contacts including technical and executive contacts.
Others:
· Normalizing and parsing data and logs
· Experience with insider threat tools
· Follow the MITRE ATT&CK framework and NIST methodology
· Conduct regression testing on existing use cases and future enhancements, and add new use cases to protect the bank from sophisticated cyber attacks.
Key Requirements:
Education
· ITC/Diploma/Degree in Engineering, Computer Science, IT or Cyber Security from a recognized educational institution
· Certification as an administrator of a leading SIEM would be a plus
· A professional security qualification (e.g. SANS GCIA, GCIH) is favorable although not mandatory
Technical Skills
· 8+ years of overall experience.
· 5+ years of relevant experience managing a SIEM, preferably Splunk or ArcSight
· Hands-on experience with advanced SIEM and security analytics solutions, Linux and databases (MySQL, Oracle, SQL)
· Very strong troubleshooting skills.
· Strong in providing operational support for SIEM and other security platforms
· Strong knowledge of syslog-based log management platforms
· Experience understanding end-to-end data flow
· Strong knowledge of OS, proxy, network and other mainstream infrastructure, application, access and cloud logs.
· Strong knowledge of developing custom (regex-based) parsers needed to ingest infrastructure or application data feeds.
· Strong knowledge of optimizing SIEM performance and resolving SIEM outages.
· Experience in normalizing and preparing (cleaning) data
· Experience in data and device integration, including providing data back to other platforms.
· Knowledge of SOAR platforms is an added advantage.
· Experience in automation using scripting languages such as Python and shell.
· Knowledge and hands-on experience implementing use cases would be an added advantage.
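The parsing, normalization and use-case regression work listed under Others and Technical Skills above, as an added example that is not part of this job description or of any specific SIEM product: a small Python pipeline that parses two constructed log formats with regex into one common schema, runs a brute-force authentication use case over the normalized events, and packages the result as a regression check that can be re-run after a parser or use-case change. The sample log lines, the proxy key=value layout, the SYSLOG_YEAR constant and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, not real bank data. The sshd lines follow the RFC 3164
# syslog layout; the proxy line is a hypothetical key=value format assumed for this
# example. The last line is intentionally malformed to exercise the unparsed path.
SAMPLE_LOGS = [
    "Mar 10 09:12:01 bastion01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Mar 10 09:12:03 bastion01 sshd[2211]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "Mar 10 09:12:05 bastion01 sshd[2215]: Accepted publickey for deploy from 198.51.100.9 port 40010 ssh2",
    "2024-03-10T09:13:00Z proxy01 user=jsmith src=10.0.5.21 dst=example.org action=BLOCKED",
    "this line matches no parser",
]

# RFC 3164 syslog timestamps carry no year; the ingestion pipeline has to supply one.
# A fixed value is assumed here for the example.
SYSLOG_YEAR = 2024

# One regex per log source. Named groups map raw fields onto the common schema.
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) user=(?P<user>\S+) src=(?P<src_ip>\S+) "
    r"dst=(?P<dst>\S+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Map one raw line onto the common schema; return None when no parser matches."""
    m = SSHD_RE.match(line)
    if m:
        return {
            # Prepend the assumed year before parsing so 29 Feb is handled correctly.
            "timestamp": datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "host": m["host"],
            "source_type": "linux_sshd",
            "user": m["user"],
            "src_ip": m["src_ip"],
            # Normalize vendor wording to a fixed vocabulary so use cases never
            # match on raw strings that change between product versions.
            "action": "auth_failure" if m["result"].startswith("Failed") else "auth_success",
        }
    m = PROXY_RE.match(line)
    if m:
        return {
            "timestamp": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": m["host"],
            "source_type": "web_proxy",
            "user": m["user"],
            "src_ip": m["src_ip"],
            "action": "proxy_" + m["action"].lower(),
        }
    return None


def normalize(lines):
    """Return (events, unparsed). Unparsed lines are counted rather than silently
    dropped: a rising unparsed count is the first sign that a vendor changed its
    log format and a parser broke."""
    events, unparsed = [], []
    for line in lines:
        event = parse_line(line)
        if event is None:
            unparsed.append(line)
        else:
            events.append(event)
    return events, unparsed


def detect_auth_bruteforce(events, threshold=2, window=timedelta(seconds=60)):
    """Use case: at least `threshold` authentication failures from one source IP
    inside a sliding time window. Returns the offending source IPs, sorted."""
    failures = defaultdict(list)
    for e in events:
        if e["action"] == "auth_failure":
            failures[e["src_ip"]].append(e["timestamp"])
    hits = set()
    for ip, stamps in failures.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                hits.add(ip)
                break
    return sorted(hits)


def regression_check(lines=SAMPLE_LOGS):
    """Regression test for the parsers and the use case: run the fixed sample
    through the pipeline and report the values a CI job would assert on."""
    events, unparsed = normalize(lines)
    return {
        "parsed": len(events),
        "unparsed": len(unparsed),
        "source_types": sorted({e["source_type"] for e in events}),
        "alerts": detect_auth_bruteforce(events),
    }


if __name__ == "__main__":
    print(regression_check())
```

Keeping the sample lines and the expected result together is what makes this a regression test rather than a one-off script: when a parser regex or the use-case threshold is changed, the same fixed input is replayed and any drift in parsed count, unparsed count or alerts fails the check before the change reaches production.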
Soft Skills
· Good written and verbal communication skills
· Process and procedure adherence
· Strong analytical and problem-solving skills
· Effective time management and organizational skills.
Other Requirements
· Willingness to perform on-call duties