Security Engineer (DE & Integration)

Overview

Responsibilities

• Manage and onboard Azure M365 Suite and Microsoft Cloud Security solutions.
• Deploy, and manage SIEM Infrastructure – Splunk & Sentinel (MUST).
• Deploy, and manage Cribl Infrastructure – Stream, Edge and Search Deployments.
• Deploy, and manage Vulnerability Management solutions ( Tenable, MDVM) & NDR.
• Integrate various data sources into SIEM – Splunk, Sentinel, LogRhythm & Securonix.
• Implement and maintain detection capabilities across SIEM and EDR/XDR platforms.
• Evaluate existing EDR/SIEM content to determine which content should be removed or updated to improve fidelity.
• Leverage the MITRE ATT&CK framework, monitor the threat landscape, and evaluate existing data sources to identify opportunities for new content development for detection and response.
• Research and innovate new mitigation, detection, and response capabilities given input from industry trends, customer feedback, and personal research.
• Support the onboarding of new data sources by developing relevant EDR/SIEM content.
• Develop EDR/SIEM detection uses cases and review with relevant stakeholders, such as engineers, and others.
• Develop and maintain content catalog, including mapping to the MITRE ATT&CK framework, to improve the efficiency of deploying the security stack to new environments.
• Document and communicate detection capabilities and gaps clearly and effectively leveraging multiple industry frameworks including MITRE ATT&CK, the Cyber Kill Chain, and NIST.
• Design, develop, and monitor various dashboards and reports that provide information on content coverage, alerting, and fidelity.
• Collaborate with technology staff at varying levels of expertise to improve logging from various appliances and correct misconfigurations.
• Assess customer needs and expectations, design solutions to meet those needs, and then implement the design.
• Quickly build and solve a problem using a new technology to determine viability.
• Serve as a primary responder for Managed Security customer systems, taking ownership of issues and tracking through resolution.

Qualification & Skills

• College degree or equivalent training with experience working in a Security Operations Center and/or Managed Security.
• Minimum 6 years of professional experience supporting and maintaining threat content and as well as SPLUNK SIEM System is mandatory.
• Microsoft Security certifications (SC-200, SC-300, AZ-500)
• Splunk certifications (Splunk Certified Architect / Admin)
• GIAC (GCDA, GCIA, GCIH) or equivalent advanced security certifications.
• Experience and knowledge of SIEM is essential.
• Professional experience working with networks and networks architecture.
• Information security knowledge in one or more areas such as EDR – Enterprise end-point security products (e.g., McAfee e-Policy Orchestrator, Virus Scan, Anti-Spyware, Host Data Loss Protection, Endpoint Encryption, etc.)
• Practical hands-on experience in EDR (Carbon Black), Vectra, and Microsoft Azure.
• Splunk, Azure Log analytics, or equivalent big data engine experience.
• Experience with MS Azure Information Protection and technologies, including solution architecture, deployment, management, and support in a large global enterprise.
• General security knowledge, certificates in Splunk Admin, Splunk Architect, Splunk Consultant is a must. Also, good to have Azure, Managed vulnerability (Nessus/Tenable), EDR (Carbon Black) and Firewall related security certifications.
• Experience working with internal and client ticketing and knowledge base systems for Incident and Problem tracking as well as procedures.
• Knowledge of Linux and Windows Operating Systems.
• Experience with various other SIEM security products such as: Splunk, ArcSight, Nitro, or LogRhythm and infrastructure components such as proxies, firewalls, IDS/IPS, and DLP.
• Experience working with clients in a service delivery function.
• Shift flexibility, including the ability to provide after-hours support when needed.

Benefits

• Health insurance with one of the leading global providers for medical insurance.
• Career progression and growth through challenging projects and work.
• Employee engagement and wellness campaigns activities throughout the year.
• Annual Flight tickets to home country.
• Excellent learning and development opportunities.
• Flexible/Hybrid working environment.
• Inclusive and diverse working environment.
• Open door policy

About Us