Senior Engineer - Platform Security
Klang, Selangor, Malaysia
Millennium IT ESP
Digitally transforming industries with innovative and agile enterprise technology solutions with a legacy of 27 years.

Job Description
- SOC Technology Stack - Implementation and Deployment:
  - Design the architecture of the SIEM infrastructure based on organizational requirements and industry best practices.
  - Configure and deploy the SIEM platform, including setting up log sources, data connectors, and collectors.
  - Design and develop use cases and correlation rules to monitor and detect security incidents effectively.
  - Ensure seamless integration of the SIEM platform with other security tools, such as vulnerability scanners and threat intelligence feeds.
  - Deploy security platforms required by the SOC.
  - Conduct POCs as per the project requirements.
- SOC Technology Stack - Engineering and Administration:
  - Maintain and fine-tune the SIEM infrastructure to ensure optimal performance and scalability.
  - Collaborate with cross-functional teams to understand business requirements and translate them into SIEM use cases and rules.
  - Develop and customize correlation rules, alerts, and dashboards to effectively monitor and detect security incidents.
  - Manage log sources and data collection mechanisms, including log parsers, connectors, and agents.
  - Perform regular maintenance, upgrades, and patches to keep the systems up to date.
- Technical Support and Troubleshooting:
  - Provide technical support and troubleshooting assistance for the SIEM platform and related systems.
  - Collaborate with vendors and support teams to resolve technical issues and ensure optimal performance.
  - Investigate and resolve issues related to log sources, data collection, and data quality within the SIEM platform.
  - Troubleshoot and rectify any issues that occur within the technology stack.
  - Provide technical support to internal and external teams to enhance security in the IT infrastructure.
- Process Automation and Optimization:
  - Identify opportunities for process automation within the SOC, including incident triage, alert enrichment, and response workflows.
  - Develop scripts, workflows, or tools to automate repetitive tasks and improve operational efficiency.
  - Streamline incident response procedures by creating playbooks and workflows that leverage automation capabilities.
  - Continuously evaluate and enhance SOC processes to align with industry best practices and improve incident response times.
- SOC Technology Stack - Content Development and Maintenance:
  - Create and maintain SIEM content, including parsers, rules, reports, and dashboards.
  - Regularly review and update SIEM content based on emerging threats, vulnerabilities, and new log sources.
  - Collaborate with threat intelligence teams to incorporate actionable intelligence into the SIEM platform.
  - Conduct testing and validation of new SIEM content to ensure accuracy and effectiveness.
  - Conduct training sessions and knowledge-sharing activities to educate SOC personnel on SIEM engineering, administration, automation techniques, SIEM usage, configuration, and best practices.
  - Collaborate with the security awareness team to develop and deliver training materials for SOC analysts on SIEM usage and best practices.
  - Collaborate with the security awareness team to develop training materials and deliver sessions for Security Engineers on SIEM implementation, deployment, configuration, and administration.
  - Create detailed documentation of the SIEM implementation, configuration, and deployment procedures.
Person Specification
- Bachelor's degree in Computer Science or Information Security.
- Professional certifications related to SIEM Administration and Deployment.
- Experience with the AWS and Azure cloud technology stack.
- Strong experience in SIEM engineering, administration, and content development, preferably with industry-leading SIEM platforms such as Splunk, QRadar, LogRhythm, Microsoft Sentinel, or FortiSIEM.
- Proficiency in scripting and automation languages and tools (e.g., Python, PowerShell, Bash, Ansible, Terraform) to develop automation workflows and tooling.
- In-depth knowledge of log management, log analysis, and security event correlation concepts.
- Familiarity with security technologies and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, Active Directory, and network monitoring solutions.
- Strong knowledge of networking protocols, systems architecture, and security frameworks.
- Experience with incident response processes and methodologies.
- Excellent problem-solving, analytical thinking and troubleshooting skills.
- Strong communication and collaboration skills to work effectively within cross-functional teams.
- 2-3 years' relevant work experience.
Perks/benefits: Career development