Jobs in Bahrain

Senior Engineer wanted at Security Matterz in Manama, Bahrain

Senior SOC Engineer (SIEM Admin/Analyst L3)

About the job

Job Description

We are looking for a Senior Security Engineer specialized in SOC operations and in SIEM and XDR solutions, with a minimum of 7 years of experience, to work in our MSSP SOC and perform the following duties:

· Manage, set up, and configure the SIEM and XDR solutions.

· Onboard log sources.

· Develop and manage detection content.

· Support the Monitoring Team (Tier 1 and Tier 2).

· Support the Incident Handling service.

Senior SOC Engineer responsibilities include:

  • Determine requirements and deploy logging capabilities across applications, infrastructure, databases, and networks
  • Provide ongoing support services to administer, maintain, and upgrade the LogRhythm SIEM configuration.
  • Administer core functionality to achieve and maintain operational stability, including technical support to deploy SIEM agents and collectors and to enable, tailor, and tune SIEM alarms.
  • Ensure all SIEM deployment components work properly, as designed, configured, and deployed. Monitor and adjust parameters to ensure efficient and desired performance.
  • Manage user access, verify availability, monitor database loads, manage the SIEM application performance, capacity and availability, monitor disk space, verify log continuity and log management. Report application problem determination/problem source investigation results.
  • Perform SIEM system and application patch installations and upgrades as needed. Verify data collection, ensure backups are executed and completed successfully as well as testing for successful backup restore functionality.
  • Handle data ingestion, integration, parsing, and correlation, and create dashboards and alerts.
  • Perform analysis of logging and monitoring coverage and onboard new data sources.
  • Provide content development, including:
  • Develop use cases to detect and report unauthorized or inappropriate activity and indicators of compromise, including triage and escalation of suspected events.
  • Develop, update, and maintain AIE rules, alarms, lists, reports, etc.
  • Develop, update, and maintain the Grafana dashboards.
  • Develop, update, and maintain the Kibana dashboards.
  • Optimize and tune existing correlation rules and alerts to reduce false positives.
  • Develop and report metrics on logging capabilities and trends based on analysis.
  • Review and assess utilization of logging and monitoring tooling.
  • Support development of SOC standard operating procedures and training.
  • Support the working of a 24×7 Security Operation Centre (SOC) environment.
  • Support root cause analysis, debugging, post-mortem analysis of cybersecurity incidents.
  • Support analysis and trending of security log data from a large number of heterogeneous security devices.
  • Support threat and vulnerability analysis as well as security advisory services.
  • Help L1 and L2 analysts with required knowledge-base details and basic documentation.
  • Coordinate with L2 and the SOC Monitoring team to troubleshoot issues, and highlight them to clients for further resolution and escalation.

Qualifications

  • Bachelor’s degree in IT, Engineering, or related field of study preferred.
  • Minimum of 7 years of experience in cyber security.
  • At least 5 years of experience working in a SOC.
  • Proficient in incident management and response, including handling escalations.
  • In-depth knowledge of security concepts such as cyber-attack techniques, threat vectors, risk management, and incident management.
  • SIEM solution administration experience (QRadar, LogRhythm, NetWitness).
  • Hands-on experience with the different types of logs generated by Windows hosts, proxies, network devices, security products, databases, etc.
  • Good understanding of security solutions including firewalls, IDS/IPS, EDR, NDR, AV, email security, PAM, etc.
  • Deep understanding of Windows, databases, mail clusters, virtualization, and the Linux command line.
  • Knowledge of TCP/IP network protocols and ports.
  • Relevant security certifications (Security+, CySA+, SSCP, CEH).
  • Relevant SIEM solution certification (QRadar Admin; LogRhythm: LRPA, LRSE, LRDE).
  • Professional security certification preferred (SSCP, GSEC, CIHE, GCIH, CEH, CPTE, or equivalent).

Additional Information

Additional Skills:

  • Strong Communication skills.
  • Highly organized and self-motivated to set up and complete training timelines by scheduled deadlines.
  • Excellent time management, presentation, and teamwork skills.
  • Excellent written and verbal communications skills in English.

If you are interested, please send your updated resume to [email protected]
