L3 SIEM Engineer needed at Liquid Intelligent Technologies


Job title : L3 SIEM Engineer

Job Location : South Africa,

Deadline : January 11, 2025


Requirements

Role Requirements:

  • Manages the functionality and efficiency of the SIEM infrastructure.
  • Maintains the integrity and security of servers and systems.
  • Sets up administrator and service accounts.
  • Maintains system documentation and standard operating procedures.
  • Makes recommendations to purchase hardware and software, coordinates installation and provides backup recovery.
  • Develops and monitors policies and standards for allocation of SIEM resources.
  • Provides advice and training to end-users.
  • Provides guidance and work leadership to less-experienced staff members and may have supervisory responsibilities.
  • May serve as a technical team or task leader.
  • Maintains current knowledge of relevant technologies as assigned.
  • Participates in special projects as required.
  • Deploy new SIEM Loggers, SmartConnectors / FlexConnectors as required to collect data feeds.
  • Assist in the proper operation and performance of SIEM ESM, Loggers and connectors.
  • Provide capability to analyse SIEM output and interpret reports.
  • Integration of data feeds (logs) into SIEM.
  • Perform content development to properly identify data feeding SIEM.
  • Develop filters to assist in the identification of significant events.
  • Develop reports (manual and automated) to support the development, collection, and reporting of Quality Assurance and Performance metrics (as defined by the client).
  • Develop dashboards/reports for external customers for system monitoring.
  • Provide ad-hoc training to analysts focusing on specific client missions, including generic SIEM training sessions and Custom Use Case training sessions.
  • Provide recommendations and implement changes to optimize SIEM products in the customer environment.
  • Support the client in fact-finding or case-supporting tasks as they relate to SIEM.
  • Evaluate relevant SIEM product advancements and provide recommendations to the customer.
  • Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
  • Provides technical support in the development, testing and operation of firewalls, intrusion detection systems, and enterprise anti-virus and software deployment tools.
  • Conducts complex security architecture analysis to evaluate and mitigate issues.
  • Develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
  • Acts as team lead, managing and mentoring efforts of junior engineers.
  • Develops capacity planning for entire SIEM infrastructure over 3 years.

Accountable for:

  • Day-to-day running of MSS within customer accounts.
  • Escalation of concerns/issues/incidents.
  • Team/vendor efficiency in delivering as contracted, and ensuring the customers receive all relevant services according to SLAs.
  • The effectiveness of security being delivered to customers.

Education required:

  • Bachelor’s degree in computer science or a related technical discipline, or the equivalent combination of education and technical certifications.
  • One or more of these industry cybersecurity certifications: CISM, CEH, OSCP, CompTIA Security Plus, as well as any SIEM-related qualification.

Experience required:

  • Minimum of six (6) years of work experience and three (3) years of relevant experience in SIEM engineering in a Security Operations Center (SOC).
  • Strong analytical and organizational skills.
  • Concise writing skills, excellent MS Word skills as well as other MS Office Applications.
  • Experience with securing various environments preferred.
  • Experience in working across security technologies.
  • Managed security services experience across complex architectures.
  • In-depth understanding of the role of SIEM engineering tools and dashboards.
  • Prior experience advising on, planning, deploying, configuring, managing and monitoring large-scale SIEM solutions.
  • Ability to communicate effectively with all levels, influence, persuade and be credible internally and externally.
  • Must work well under pressure and changing priorities.
  • Demonstrated ability to plan, prioritize, coordinate and manage multiple, often conflicting, initiatives.
  • Able to establish trust and build ongoing client relationships.
  • Ability to translate and clearly formulate technical issues in business terms.
  • Good interpersonal skills.
  • In-depth understanding of the role of incident analysis tools.
  • In-depth understanding of various types of log analysis.
  • Prior experience advising on, planning, deploying, configuring, managing and monitoring large-scale and complex cyber defense, IT risk management and information or cybersecurity solutions.

How to Apply for this Offer

Interested and Qualified candidates should Click here to Apply Now
