SIEM Admin

Greetings from TCS!!

Role: SIEM Sentinel/Securonix

Technical Skill Set: SEIM, Securonix administration, Sentinel, Implementation

Experience: 4-15 years

Location: Bangalore, Hyderabad, Chennai

Job Description:

• SIEM knowledge with overall all the components and lifecycle of the system - Including below pointers
• Implementation of new SIEM components based on requirement
• Basics of SOC operations operating model
• SOC Content Development theoretical knowledge
• OOTB Data Connector and Parser
• Custom Parser creation Regex
• Types of ingestion mechanism in SAAS or on-premise - pull, push , API, Agent based, Agentless, multi-file based, single file based etc..
• Event filtering mechanism using nxlog or any other mechanism based on tools in place
• Enterprise SIEM Architect exposure. Multiple SIEM deployment experience. SOC Domain Specialized.
• Excellent knowledge of one of the SIEM products Securonix, Sentinel.
• Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing
• Experience with Incident response and Security Operations Center operations
• Experience with deploying and managing a large SIEM deployment
• Excellent understanding of enterprise logging standards, with a focus on application logging
• 5 years of experience with Securonix, Sentinel SIEM systems
• Excellent knowledge of adversary tactics, techniques and procedures (TTPs) and MITRE ATT&ACK Framework
• Excellent understanding of regular expressions, development of custom/flex Parsers
• Excellent Python and Unix Shell scripting skills
• Knowledge on overall GCP, AWS, Azure Cloud infrastructure
• Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies