Job Description
- Looking for a candidate who has in-depth knowledge of SIEM (Security Information and Event Management) implementation and administration.
- Successful candidate must have a blend of expertise in log source integration, custom parser development, and use case development.
- Hands-on experience in SIEM implementation and administration of either Sentinel or XSIAM.
- Knowledge of data ingestion methods in SIEM along with custom parsers and API integrations.
- Ability to integrate different log sources with the SIEM and ensure proper parsing and normalization.
- Ability to create correlation rules in the SIEM tool to improve threat detection.
- In-depth knowledge of KQL (Sentinel) and XQL (XSIAM), the query languages used in Sentinel and XSIAM for querying log data.
- Understanding of security concepts, incident detection, and response to identify and parse relevant security events from logs.
- Skills to debug and troubleshoot issues with log data collection, parsing, and query performance.
- Good experience in ITSM/ITIL/ITAM process design/process improvement.
- Excellent interpersonal, written, and verbal communication skills.
- Experience and comfort in producing project deliverables to include project plans, project status, test plans/results, training materials and release notes.
- Security certifications such as CEH, Security+, etc.
- Proficiency in regular expressions (regex) for pattern matching and extracting specific data from log entries.
- Familiarity with scripting and query languages such as PowerShell, Python, Cortex Query Language (XQL), or Kusto Query Language (KQL) for writing custom parsing scripts.