Associate consultant
Job Description
Job Summary
- Location: Noida
- Project role: Associate consultant
- Qualification: B Tech
- Experience: 2.5-5 Years
- Skills: Cyber Security
- No. of positions: 1
Job description:
Summary: Seeking a resource for a SIEM platform lead and administrator role to support SIEM services within the HCL Cyber Security Fusion Centre.

Must Have Skills:
- SIEM platform architecture planning and deployment experience with any cloud SIEM such as Microsoft Sentinel, SumoLogic, AlertLogic or Devo, or other native SIEM solutions such as ArcSight, QRadar, LogRhythm, RSA or Splunk.
- Ability to develop custom log source integrations using REST APIs, RegEx, Python or similar.
- Experience with SIEM rule and use case development.
- Good working knowledge of other security tools and technologies.
- Basic Unix knowledge.
- Ability to manage a team of L1 and L2 SIEM admins.
- Knowledge of the MITRE ATT&CK framework or the Cyber Kill Chain.
- Must have experience with UEBA or UBA management.

Good to Have Skills:
- Prior SOC analyst role or other security platform management experience.
- Knowledge of Python or other scripting languages.
- Experience with SOAR.

Job Requirements:
- Responsible for the design and implementation of Microsoft Sentinel or other cloud SIEM platform(s).
- Plan and integrate log sources that are not supported out of the box using REST APIs, RegEx, Python scripts, etc.
- Define a method for SIEM health checks and log source health checks.
- Handle customer escalations and guide the team to improve and maintain the day-to-day deliverables.
- Lead a team of admins by laying down standard governance practices.
- Upgrade/update SIEM components and the applications within them.
- Log source integration with SIEM tools, including planning, providing configuration guidelines to other product admins and onboarding into the SIEM.
- Troubleshoot broken log sources by engaging the respective teams or the vendor, depending on the complexity of the issue.
- Responsible for the upkeep of the platform, including all its components/agents, by performing the required health checks.
- Perform basic to moderate troubleshooting of the SIEM platform.
- Assist the SOC team by developing SIEM rules and tuning them in line with security best practices.
- Work with one or more threat intelligence tools for integration with the SIEM and for rule creation.
- Support the SOAR admins with playbook/workflow automation.
- Develop weekly/monthly reports/presentations and run through them with customers/leaders for periodic review.
- Good email and meeting etiquette.
- Ownership of deliverables.
- Flexibility with shift timings.

Technical Experience: Minimum 8 years of total experience with 4+ years of SIEM platform administration experience with any cloud SIEM such as Microsoft Sentinel, SumoLogic, AlertLogic or Devo, or other native SIEM solutions such as ArcSight, QRadar, LogRhythm, RSA or Splunk.
- To clearly understand the client's cybersecurity environment and the respective products.
- To monitor, configure and troubleshoot cybersecurity issues and the related monitoring tools.
- To analyse and validate cybersecurity incidents in detail and help the L3 team with RCA or data/log collection.
- To enable knowledge transfer or training through the creation or maintenance of configuration documents, test plans and operational manuals, and to provide operational training to the L1 team.
- To analyse and fine-tune cybersecurity policies, participate in cybersecurity review calls pertaining to change requests, and make recommendations on cybersecurity policy changes.
- To implement changes, monitor security device performance and implement performance tuning when necessary.
- To prepare analyses and reports highlighting project progress.
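Three of the skills the posting asks for (custom log source integration with RegEx/Python, a log source health check method, and SIEM rule development) can be shown together in a few dozen lines. The following is an added example written for this page; it is not HCL's code and not any SIEM vendor's API. The appliance log format, the normalized field names, the sample lines, the 15-minute silence threshold and the deny-burst rule parameters are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed appliance syslog format (made up for this example, not a real vendor format):
#   <ISO timestamp>Z <host> <app>[<pid>]: key=value key=value ...
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"(?P<host>\S+) "
    r"(?P<app>[a-z]+)\[(?P<pid>\d+)\]: "
    r"(?P<kv>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Vendor field name -> normalized field name used by the rules. Target names are assumed.
FIELD_MAP = {"src": "src_ip", "dst": "dst_ip", "dport": "dst_port", "user": "user_name"}

# Constructed sample feed: three denies from one source, one allow, one event from a
# second firewall that stopped sending, and one malformed line.
SAMPLE_LINES = [
    "2024-05-01T10:00:00Z fw-edge-01 fwd[412]: action=deny src=198.51.100.7 dst=10.0.0.5 dport=22 user=-",
    "2024-05-01T10:00:20Z fw-edge-01 fwd[412]: action=deny src=198.51.100.7 dst=10.0.0.5 dport=23 user=-",
    "2024-05-01T10:01:05Z fw-edge-01 fwd[412]: action=deny src=198.51.100.7 dst=10.0.0.5 dport=3389 user=-",
    "2024-05-01T10:02:00Z fw-edge-01 fwd[412]: action=allow src=10.0.0.9 dst=10.0.0.5 dport=443 user=alice",
    "2024-05-01T09:30:00Z fw-edge-02 fwd[77]: action=allow src=10.0.1.4 dst=10.0.0.5 dport=443 user=bob",
    "this line is deliberately malformed and must land in the unparsed bucket",
]
EXPECTED_SOURCES = ["fw-edge-01", "fw-edge-02", "vpn-01"]   # onboarding inventory (assumed)
NOW = datetime(2024, 5, 1, 10, 5, tzinfo=timezone.utc)      # fixed "current time" for the check


def parse_event(line):
    """Parse one raw line into a normalized dict; return None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {
        "timestamp": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "log_source": m["host"],
        "app": m["app"],
    }
    for key, raw in KV_RE.findall(m["kv"]):
        value = raw.strip('"')
        event[FIELD_MAP.get(key, key)] = int(value) if value.isdigit() else value
    return event


def parse_feed(lines):
    """Split a feed into parsed events and raw lines that failed parsing (the latter is a health signal)."""
    parsed, unparsed = [], []
    for line in lines:
        event = parse_event(line)
        if event is None:
            unparsed.append(line)
        else:
            parsed.append(event)
    return parsed, unparsed


def source_health(events, expected_sources, now, max_silence=timedelta(minutes=15)):
    """Return {source: 'ok' | 'stale' | 'missing'} from the newest event seen per expected source."""
    last_seen = {}
    for ev in events:
        src = ev["log_source"]
        if src not in last_seen or ev["timestamp"] > last_seen[src]:
            last_seen[src] = ev["timestamp"]
    status = {}
    for src in expected_sources:
        if src not in last_seen:
            status[src] = "missing"          # never onboarded or agent down since before the window
        elif now - last_seen[src] > max_silence:
            status[src] = "stale"            # was sending, went quiet: broken log source
        else:
            status[src] = "ok"
    return status


def detect_deny_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Toy use case: alert once per src_ip that produces >= threshold denies inside a sliding window."""
    denies = {}
    for ev in events:
        if ev.get("action") == "deny" and "src_ip" in ev:
            denies.setdefault(ev["src_ip"], []).append(ev["timestamp"])
    alerts = []
    for src, times in denies.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1               # slide the window forward
            if end - start + 1 >= threshold:
                alerts.append({"src_ip": src, "count": end - start + 1,
                               "first": times[start], "last": times[end]})
                break                    # one alert per source per run; a SIEM would suppress repeats
    return alerts


if __name__ == "__main__":
    parsed, unparsed = parse_feed(SAMPLE_LINES)
    print(f"parsed={len(parsed)} unparsed={len(unparsed)}")
    print("source health:", source_health(parsed, EXPECTED_SOURCES, NOW))
    print("alerts:", detect_deny_bursts(parsed))
```

The unparsed count and the "stale"/"missing" states are the two signals a platform admin would chart for the log source health check described in the posting: a rising unparsed count usually means the vendor changed the format, while a source flipping to stale points at the forwarder or the network path rather than the parser.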