Posted on: 27/10/2025
Description:
- Experience in a large enterprise environment, of analyzing security event data for attack patterns and understanding attacker tactics.
- Experience in creating automated log correlations in a SIEM to identify anomalous and potentially malicious behavior.
- Working experience with Threat intelligence teams to be able to interpret IOCs and use them efficiently for alerting.
- Experience using multiple online sources in order to identify new threats.
- Understanding of monitoring devices such as firewalls, network and host-based intrusion detection systems, web applications, AV, WAF, Proxy and operating system logs.
- Create technical documentation around the content deployed to the SIEM.
- Ability to partner with anomaly detection and incident responders to improve data quality and reduce false positives.
- Ability to recognize patterns and inconsistencies that could indicate complex cyber-attacks.
- Experience in developing SIEM correlation rules to detect new threats beyond current capabilities.
- Manage appliance or virtual appliance OS and SIEM software.
- Create innovative solutions to automate and reduce timeframes for operational changes as well as the initial installation of the platform.
- Create rules for compliance and audit requirements and create and manage Watch Lists for current threats.
- Configure backups, verify custom reports, manage log source groups, and validate log sources with the client.
- Review and apply any newly available and applicable SIEM and/or appliance/virtual appliance software or policy updates monthly.
- Perform formal Health Check and administrative password change.
- Perform formal Architectural Review.
- Create custom rules/rule modifications and custom reports/report modifications as needed.
- Manage SIEM user accounts (create, delete, modify, etc.).
- Add/Remove log sources.
- Troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.
- Manage product enhancement/feature requests with vendors as needed.
- Perform software upgrades, updates, and patches as needed.
- Create client-specific Watch Lists if necessary.
- Perform technical account management duties for specific top-tier, strategic clients.
- Responsible for major SIEM client environmental changes including upgrades.
- Create custom documentation for internal and external needs.
- Responsible for mentoring and training of SIEM Engineer II employees.
- Attend vendor-specific meetings and conferences for business and professional development.
- Responsible for testing and configuring new products and technologies.
What We're Looking For:
- Bachelor of Science degree in Computer Science or related field is required.
- 8+ years of experience in SIEM.
- Strong presentation and verbal communication skills.
- Work with internal teams and client teams.
- Work with service teams to secure various technologies.
- Ensure the security of the customer's environment.
- Responsible for testing and configuring new products and technologies.
- Assist with designing and documenting work processes within the SOC.
- The role demands the availability for US working hours (5 PM (IST) to 2 AM (IST)).
- This is a Work from Office role.
What You Can Expect From Optiv:
- A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
- Work/life balance.
- Professional training resources.
- Creative problem-solving and the ability to tackle unique, complex projects.
- Volunteer Opportunities.
- Optiv Chips In encourages employees to volunteer and engage with their teams and communities.
- The ability and technology necessary to productively work remotely/from home (where applicable).
Posted in: CyberSecurity
Functional Area: Cyber Security
Job Code: 1565227