You will be responsible for security event monitoring, incident management, and incident response.
Responsibilities
- Monitor daily security events and manage security incidents.
- Identify improvements to the SIEM tool, including detection rules, log source integration, and data volume and index size optimization.
- Investigate daily security incidents independently, following standard operating procedures.
- Document all incident activities efficiently using ITSM best practices.
- Perform threat management and threat modeling, and develop security monitoring use cases.
Required Skills
- 10+ years of experience.
- Proficient with Splunk architecture, including indexers, heavy forwarders, and search heads.
- Hands-on experience with Splunk and other SIEM platforms.
- Experience with Splunk Enterprise Security, including creating alerts, reports, and dashboards.
- Proficiency in scripting languages such as PowerShell and Python.
- Familiarity with both Windows and Linux (RHEL, CentOS, Ubuntu).
- In-depth knowledge of security concepts such as cyber-attacks, threat vectors, and incident management.
- Experience deploying Azure Security Center and Azure Defender (now Microsoft Defender for Cloud).
- Experience with ITSM ticketing systems.