SOC - SIEM Admin Specialist

Rebit

4 - 6 years

Mumbai

Posted: 25/08/2025

Job Description

Job Description: Security Operations Centre – SIEM Admin Specialist

Reporting Structure

Reports to Lead – Security Operations Centre

Location – Mumbai

Education

·       Bachelor's degree in Cybersecurity, Information Technology, or a related field (preferred).

Experience/ Qualifications

·       Minimum of 4 to 6 years of experience in a SIEM administrator role.

·       Proven experience with a leading SIEM platform (e.g., Splunk, QRadar, ArcSight).

·       Strong understanding of log management principles and practices.

·       Working knowledge of network security concepts and protocols.

·       Proficiency in scripting languages (e.g., Python, PowerShell) would be an added advantage.

·       Excellent analytical and problem-solving skills.

·       Strong communication and collaboration skills.

·       Ability to work effectively in a fast-paced, dynamic environment.

Industry

·       Financial Domain (Banking / NBFC experience is desirable)

Responsibilities

SIEM Management:

  • Install, configure, and maintain the SIEM platform according to best practices.
  • Manage user access and permissions for the SIEM.
  • Perform regular backups and disaster recovery testing.
  • Monitor system performance and health, troubleshooting and resolving issues.
  • Stay up-to-date on emerging threats and vulnerabilities, updating SIEM rules and detections accordingly.

Log Management:

  • Configure log sources and ensure seamless log collection from various network devices, applications, and systems.
  • Normalize and enrich log data for effective analysis and correlation.
  • Design and implement custom log parsing rules for specific applications or devices.
  • Monitor log volume and disk space usage, optimizing storage as needed.

Security Monitoring and Analysis:

  • Proactively monitor SIEM alerts and dashboards for potential security incidents.
  • Investigate triggered alerts, performing root cause analysis and identifying false positives.
  • Escalate confirmed security incidents to the SOC team for further investigation and response.
  • Generate reports and summaries on security events and trends.

Incident Response:

  • Participate in incident response activities as needed, providing insights from the SIEM platform.
  • Follow established incident response procedures and document events thoroughly.
  • Support the SOC team in threat containment, eradication, and recovery efforts.

Industry Certifications

·       Technical certifications: CompTIA Security+ / CEH or relevant

·       Security standard frameworks: ISO / NIST / PCI-DSS

·       Incident handling or other relevant certification

About Company

Rebit is an RBI-owned IT company focused on strengthening India’s central banking technology infrastructure. It specializes in cybersecurity, data analytics, and enterprise IT solutions. Rebit helps enhance the digital capabilities of the Reserve Bank of India.