SIEM Sentinel Administrator

Responsibilities :

- He/she should be having 6+ years of experience in below given fields,

- Monitor the host reporting status and raise internal support ticket in case of Non-Reporting of any host.

- Troubleshoot host non-reporting issue and resolve it. Perform remediation for non-compliance sentinel agents

- Worked in Cyber Security team and SIEM.

- Fine-tuned the deployed use case to reduce the false positive alerts.

- Assist to trim the logs at the indexing to reduce the daily sentinel License Utilization

- Create weekly report according to the client format.

- He/she should monitor the sentinel related tickets, response and resolve them in timely manner. Manage ticket & issues related to sentinel.

- He/she should upgrade the sentinel indexer, search head, universal forwarder and heavy forwarder.

- He/she should have experience in Indexer Clustering and Search Head Clustering environment.

- Raise CRQ to perform any critical activity.

- He/she should perform regular health check of sentinel components, perform backup checks and

validation.

- He/she should be ready to support during the component patching activity and ready to work out of

the office hours in the night. (maximum 3 times in a month)

- Prepare Standard Operating Procedure (SOP), SMTD and other documents related to sentinel and

Security compliance.

- Prepare KB Articles & Best Practices documentation.