SIEM Administration

 Location : Bangalore 

Experience : 4 to 6 Yrs 

• Good knowledge of SIEM, SIEM Architecture, SIEM health check.
• Deployment of SIEM in customer environment.
• Audit the SIEM in the customer environment.
• Troubleshoot issues regarding SIEM and other SOC tools.
• Good verbal/written communication skills.
• Build of use case for the customer.
• Data archiving and backup and data purging configuration as per need and compliance.
• Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc.
• Helping L2 and L1 with required knowledge base details and basic documentations.
• Co-ordination with L2 and SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation.
• High ethics, ability to protect confidential information.
• Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis.
• Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure.
• Update and maintain SOC knowledge base for new security incidents and docs.
• Creation of daily status report sheet and submit to SOC manager for review.
• Review advisories and make necessary detection measures.
• Provide analysis and trending of security log data from a large number of security devices.
• Troubleshooting non-reporting devices fix and maintain device status.
• Working with OEM (Tool support) in a way to resolve the issue or incident raised.
• Administration of Windows and Unix servers.
• Building Parser for the SIEM using regex.

Ready to work on 24/7 shifts to support client requirement.