Description

You will be responsible for security event monitoring, incident management, and incident response.

Responsibilities

  • Monitor daily security events and manage security incidents.
  • Identify improvements within the SIEM tool, including rules, log integration, and size optimization.
  • Investigate daily security incidents independently, following standard operating procedures.
  • Document all incident activities efficiently using ITSM best practices.
  • Perform threat management and threat modeling, and develop security monitoring use cases.

Required Skills

  • 10+ years of experience.
  • Proficient with Splunk, including indexer, heavy forwarder, and search heads.
  • Hands-on experience with Splunk and SIEM platforms.
  • Experience with Splunk Enterprise Security, alerts, reports, and dashboard creation.
  • Proficiency in scripting languages such as PowerShell and Python.
  • Familiarity with both Windows and Linux OS (RHEL, CentOS, Ubuntu).
  • In-depth knowledge of security concepts like cyber-attacks, threat vectors, and incident management.
  • Experience with Azure Security Center and Azure Defender deployment.
  • Experience with ITSM ticketing systems.

Education

Any Graduate