Division:
Cyber Defense Center is part of the CISO division. The main responsibility of the team is to execute the Cyber Threat Intelligence (CTI) capabilities, Security Operations Centre (SOC), Cyber Incident & Response Team (CIRT). This includes cyber threat intelligence, brand and digital footprint monitoring, security incident and event monitoring, cyber analytics, incident management and forensic analysis. CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company as well as interacts with external stake holders, including customers, oversight bodies, threat intelligence providers, and third parties.
The Security Operations Centre (SOC) houses the information security team responsible for monitoring and analysing an organisation's security posture on an ongoing basis. The SOC team's goal is to provide 24x7x365 capabilities to detect, analyse, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. The SOC staff work closely with the Cyber Incident Response team (CIRT) to ensure security issues are quickly contained upon discovery, as well as, with the Cyber Threat Intelligence team (CTI) to ensure new and emerging threats are being addressed.
The SOC monitors and analyses activity on networks, servers, endpoints, databases, applications, websites, and other systems, looking for anomalous activity that could be indicative of a security incident or compromise.
Role:
You join SOC as an Expert in SIEM (Security Information and Event Management) engineering.
The sub-function SOC Tier 1 and 2 monitors, collects and analyses security events information from the networks, systems, and critical applications, detects and triages unusual or suspicious activity and provides real-time first and second-line security operations management services.
In your role as subject matter expert you are responsible for getting the logs on-boarded in the SIEM, develop and maintain event correlation rules that generate the alerts monitored by the tier 1 function, as well as the runbooks being used by the tier 1.
Additionally you guide and coach your junior team members and guard the use case development and maintenance framework, this includes adhering to standards and keep documentation up to date.
Your primary duties will be:
- Keep abreast of evolving cyber threats and identifying new and sophisticated methods of detecting them.
- Interact with customers to gather requirements and ensure the implementation of cyber security solutions.
- Responsible for the creation of procedures, runbooks, high-level/low-level documentation, implementation of processes and development of staff in relation to SIEM log sources and detection logic.
- Responsible for security event life-cycle management with event source system administrators/owners, as well as maintaining current operational event flows.
- Responsible for configuration of enterprise security log source types into the SIEM and definition of security event log forwarding into the SIEM.
- Coach a small team (from a technical perspective); review work outputs and provide quality assurance.
- Analyses and identifies areas of improvement with existing processes, procedures and documentation.
- Demonstrates how to use SIEM & Enterprise Security products to both technical/non-technical personnel.
- Provides expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems.
Technical skills:
- In depth experience in development and maintenance of SIEM use cases.
- Strong knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes.
- Strong knowledge of network security zones, firewall, IDS.
- Knowledge of Linux and Windows platforms and cloud concepts.
- Experience administering multiple security technologies (Firewalls, IDS/IPS, SIEM).
- Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat).
- Excellent English communication skills (written and oral).
Assets:
QRadar Certified
Splunk Certified
Any other Security Certifications (e.g. CEH or CISSP)
