Security Monitoring

DXC Technology India
Dubai United Arab Emirates
6-9 years
Not Specified

Job Description

Role Description:
The resource hired for this position will be responsible for the administration and maintenance of all technologies related to SOC monitoring, such as SIEM and NBA.
This engineer will be responsible for all SIEM and NBA related activities, which include (but are not limited to) log/flow onboarding, system health maintenance, log/flow health maintenance, content development and fine-tuning, and license management.
Responsibilities:
  • Work together with the principal security analyst to ensure configuration compliance processes are met.
  • Configure and administer the SIEM (Splunk) and NBA (StealthWatch) to support the needs of the SOC.
  • Responsible for maintaining the health of the SIEM and NBA tools and ensuring 99.9% uptime of the platform.
  • Perform regular patching and version upgrades on both solutions.
  • Create the necessary dashboards in SIEM and NBA to enhance SOC monitoring.
  • Configure Forwarders and develop TAs (if needed) to integrate various log sources with the SIEM platform for log monitoring.
  • Configure Flow Sensors and Flow Collectors to receive and parse all types of flows, such as sFlow, NetFlow, QFlow and J-Flow.
  • Coordinate or perform the scheduled backups and restore activities as per the backup policy.
  • Maintain the log baselines as per the requirements given in the log management policies and compliance requirements.
  • Manage faults; coordinate with vendor for resolution.
  • Maintain proper documentation for SIEM and NBA platforms.
  • As part of data sanity checks, ensure all integrated devices are sending logs and flows properly to the respective platforms with all expected data.
  • Build and implement event correlation rules, logic, and content in both systems.
  • Work with the Operations team to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors.
  • Create and Maintain an efficient and working Use-Case Framework.

Eligibility:
  • At least 6 years’ experience in cybersecurity.
  • At least 4 years’ experience in Splunk and 2 years’ experience in Cisco StealthWatch.
  • At least 3 years’ experience in the finance sector.
  • Good understanding of standards like PCI DSS, PA-DSS, ISO 27001, NESA, etc.
  • Experience in both Splunk Enterprise and Splunk Enterprise Security.
  • Experience managing Splunk setups with data ingestion of at least 500 GB/day.
  • Experience in designing and deploying complex multi-site SIEM architectures.
  • Ability to rapidly develop regular expressions (RegEx).
  • Experience in on-boarding heterogeneous devices, as well as bespoke applications.
  • Good understanding of Cybersecurity concepts.
  • Strong understanding of data flows and content creation using flows.
  • Strong understanding of Network Topologies to ensure required visibility from flow collection.
Preferred Skillsets
  • Scripting capabilities using Python, JavaScript, etc.
  • Strong knowledge of UNIX commands and scripting on UNIX.
  • Ability to understand client requirement and deliver in a time-bound manner.

Certifications:
  • Splunk Admin (Data and Enterprise) or higher
  • CompTIA Security+ or equivalent
  • CCNA or equivalent

Job Details

Industry:
Function: IT
