SIEM Engineer (Remote)

Salary: $10 - $20 Lacs PA (per year)
Job Type: Full time
Experience: Senior Level

Teamware Solutions

SIEM Engineer | Teamware Solutions | Worldwide

Job Description:

• Minimum of 4-7 years of experience in EDR and SIEM/SOAR technologies, with security expertise in one or more EDR and SIEM/SOAR solutions such as CrowdStrike, Defender, Tanium, Splunk, Sentinel, Exabeam, Chronicle, Phantom, Siemplify, etc.
• Expertise in performing systems administration, including basic troubleshooting and installation, monitoring system performance and availability, performing security upgrades, and optimizing solution configurations to meet the needs of operational users.
• Experience with deployment of an EDR solution in a large customer environment, including 100k+ endpoints.
• Identify, assess, and upgrade customer information technology infrastructure with regard to risks and vulnerabilities.
• Install, maintain, stage, automate and operate security services, including antivirus software and definitions/signatures, patches, and host-based agents.
• Experience with providing status reports, including metrics and KPIs, for team activities.
• Experience in building custom detections, developing hunting queries, building dashboards using KQL and SPL, and building reports.
• Experience in automating actions on events using automated remediation and SOAR platforms.
• Expertise in building use cases around the NIST and MITRE ATT&CK frameworks to enable detection at various stages of a cyber-attack.
• Splunk configuration and content management: creation of advanced correlation searches, alerts, and reports.
• Creation of risk-based alerting rules within the ES platform.
• Good understanding of Splunk architecture, performance, and integrations.
• Development of dashboards/workbooks and alerts.
• Implementation of SOAR workflows using Logic Apps, Phantom, Demisto, etc.
• Development of playbooks using low-code or no-code automation blocks.
• Knowledge of a coding language such as Python, and the ability to develop low-code automations.
• Knowledge of integrating apps/systems with SOAR using the available out-of-the-box integrations or by developing custom integrations.
• Assess, design, and improve various processes and workflows with a focus on integrating automation through SOAR tools and technologies.
• Integrate new logging sources and build playbooks to properly triage and respond to security incidents while reducing the time needed to analyze each event.

Preferred Knowledge

• Excellent communication skills (verbal and written), along with teamwork and collaboration across global and multi-functional teams and intelligence source groups.
• Knowledge of network security architecture concepts, including topology, protocols, components, and principles.
• Knowledge of various enterprise operating system (OS) configurations and management tools for use during deployment, configuration, and management of EDR solutions.
• Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions.
• Knowledge of Azure services such as Security Center, Azure Monitor, Log Analytics, NSG, Storage, Azure Functions, SIEM, Email Security, DLP, etc.
• Knowledge of enterprise security tools, including Security Information & Event Management (SIEM), Threat Intelligence Platforms (TIPs), and network monitoring tools.
• Ability to integrate cybersecurity data using enterprise or custom data aggregation and analysis tools, such as Splunk.
• Implementation of clustered environments and related concepts such as high availability, parallel processing, etc.
• Must have good knowledge of dashboarding concepts such as tokens, inputs, XML, etc.
• Knowledge of integrating diverse log sources using different methods/protocols such as syslog, APIs, HEC tokens, agents, etc.
• Experience with Security Orchestration, Automation and Response (SOAR) tools and technologies.
• Strong understanding of security architecture, tool integration, API development and automation.
• Experience of threat intelligence is an added advantage.

Preferred Skills

• Expertise in any of the EDR and SIEM/SOAR solutions such as CrowdStrike, Defender for Endpoint, Carbon Black, Tanium, Phantom, Cortex XSOAR, Siemplify, Splunk, Exabeam, Sentinel and Chronicle.
• Good knowledge of KQL, SPL, Python and PowerShell.

Tagged as: remote, remote job, virtual, Virtual Job, virtual position, Work at Home, work from home

When applying state you found this job on Pangian.com Remote Network.