Senior Engineer - Platform Security

Klang, Selangor, Malaysia

Millennium IT ESP

Digitally transforming industries with innovative and agile enterprise technology solutions with a legacy of 27 years.


Job Description

• SOC Technology Stack - Implementation and Deployment:
  • Design the architecture of the SIEM infrastructure based on organizational requirements and industry best practices.
  • Configure and deploy the SIEM platform, including setting up log sources, data connectors, and collectors.
  • Design and develop use cases and correlation rules to monitor and detect security incidents effectively.
  • Ensure the seamless integration of the SIEM platform with other security tools, such as vulnerability scanners and threat intelligence feeds.
  • Deploy security platforms required by the SOC.
  • Conduct POCs as per the project requirements.
• SOC Technology Stack - Engineering and Administration:
  • Maintain and fine-tune the SIEM infrastructure to ensure optimal performance and scalability.
  • Collaborate with cross-functional teams to understand business requirements and translate them into SIEM use cases and rules.
  • Develop and customize correlation rules, alerts, and dashboards to effectively monitor and detect security incidents.
  • Manage log sources and data collection mechanisms, including log parsers, connectors, and agents.
  • Perform regular maintenance, upgrades, and patches to keep the systems up to date.
• Technical Support and Troubleshooting:
  • Provide technical support and troubleshooting assistance for the SIEM platform and related systems.
  • Collaborate with vendors and support teams to resolve technical issues and ensure optimal performance.
  • Investigate and resolve issues related to log sources, data collection, and data quality within the SIEM platform.
  • Troubleshoot and rectify any issues that occur within the technology stack.
  • Provide technical support to internal/external teams to enhance security in the IT infrastructure.
• Process Automation and Optimization:
  • Identify opportunities for process automation within the SOC, including incident triaging, alert enrichment, and response workflows.
  • Develop scripts, workflows, or tools to automate repetitive tasks and improve operational efficiency.
  • Streamline incident response procedures by creating playbooks and workflows that leverage automation capabilities.
  • Continuously evaluate and enhance SOC processes to align with industry best practices and improve incident response times.
• SOC Technology Stack - Content Development and Maintenance:
  • Create and maintain SIEM content, including parsers, rules, reports, and dashboards.
  • Regularly review and update SIEM content based on emerging threats, vulnerabilities, and new log sources.
  • Collaborate with threat intelligence teams to incorporate actionable intelligence into the SIEM platform.
  • Conduct testing and validation of new SIEM content to ensure accuracy and effectiveness.
  • Conduct training sessions and knowledge-sharing activities to educate SOC personnel on SIEM engineering, administration, automation techniques, SIEM usage, configuration, and best practices.
  • Collaborate with the security awareness team to develop and deliver training materials for SOC analysts related to SIEM usage and best practices.
  • Collaborate with the security awareness team to develop training materials and deliver sessions for Security Engineers on SIEM implementation and deployment, configuration, and administration.
  • Create detailed documentation of the SIEM implementation, configuration, and deployment procedures.

Person Specification

• Bachelor's degree in Computer Science or Information Security.
• Professional certifications related to SIEM administration and deployment.
• Experience with the AWS and Azure cloud technology stack.
• Strong experience in SIEM engineering, administration, and content development, preferably with industry-leading SIEM platforms such as Splunk, QRadar, LogRhythm, Microsoft Sentinel, or FortiSIEM.
• Proficiency in scripting and automation languages and tools (e.g., Python, PowerShell, Bash, Ansible, Terraform) to develop automation workflows and tools.
• In-depth knowledge of log management, log analysis, and security event correlation concepts.
• Familiarity with security technologies and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, Active Directory, and network monitoring solutions.
• Strong knowledge of networking protocols, systems architecture, and security frameworks.
• Experience with incident response processes and methodologies.
• Excellent problem-solving, analytical thinking, and troubleshooting skills.
• Strong communication and collaboration skills to work effectively within cross-functional teams.
• 2-3 years' relevant work experience.


Tags: Active Directory, Ansible, Automation, AWS, Azure, Bash, Cloud, Computer Science, Firewalls, IDS, Incident response, Intrusion detection, IPS, IT infrastructure, Log analysis, LogRhythm, Monitoring, POCs, PowerShell, Python, QRadar, Scripting, Sentinel, SIEM, SOC, Splunk, Terraform, Threat intelligence, Vulnerabilities

Perks/benefits: Career development

Region: Asia/Pacific
Country: Malaysia
