
Senior SIEM Engineer

Job Location: Maidenhead
Education: Not Mentioned
Salary: Salary negotiable
Industry: Not Mentioned
Functional Area: Not Mentioned
Job Type: Permanent, full-time

Job Description

Job Title: Senior SIEM Engineer
Location: Maidenhead with extensive remote working. The successful candidate may be expected to visit client sites occasionally.

Job mission / core purpose

  • Onboard client log sources into SIEM, and improve / optimize log coverage across client environments (SIEM Platform Engineer)
  • Develop content to accurately detect cybersecurity incidents and intrusions (SIEM Content Engineer)
  • Use automation to improve operations at both a technical / infrastructure level as well as at a SOC / human layer (Automation Engineer)

General knowledge and experience

  • Minimum of 3 years' experience in Linux system administration, development / programming, security product administrator / engineer / analyst, or equivalent.
  • Good understanding of TCP/IP networking.
  • Good understanding of the cybersecurity landscape, threats, vulnerabilities, controls, etc.
  • Working understanding of some of the following security technologies: firewalls, VPN, intrusion prevention systems, routers, switches, Windows and Linux servers, Active Directory, web proxies, mail gateways, databases, identity and access management systems, Office 365, endpoint protection products (antivirus), endpoint detection and response (EDR), web application firewalls, etc.
  • Incident response
  • Digital forensics

Qualifications / certifications

Bachelor's degree or diploma in Computer Science / Information Technology, or equivalent combination of education and work experience.

Desirable

  • Linux and Windows system administration
  • Security certifications, e.g. CompTIA Security+, Certified Ethical Hacker, etc.
  • Formal programming language certification(s) would be advantageous but not required

Specific details

  • Hands-on experience with any SIEM product and experience integrating log sources into SIEM in a mid- to senior-level role
  • Broad IT experience and knowledge - e.g. networking, servers, databases, applications - and ability to integrate into SIEM - e.g. via syslog, Windows Event Collector, JDBC, files over SMB/NFS, event data via APIs and web services, etc.
  • Hands-on server administration (Linux mandatory, Windows optional)
  • Practical scripting experience, e.g. Unix shell, Python and/or PowerShell
  • Exposure to a variety of security products and logs
  • Deploy and maintain QRadar SIEM client-side components to collect logs from clients’ on-premises systems and cloud platforms.
  • Perform regular health checks on client-side QRadar components.
  • Work closely with clients to ensure that their log sources (e.g. Windows/Linux servers, databases, firewalls, VPN, web proxy, mail gateway, intrusion prevention systems, cloud platforms, custom logs, etc.) feed into the SIEM. Provide advice and support to clients on how to configure their log sources to send useful events to the SIEM. Work with client IT personnel - where required - to configure their log sources. Verify log sources feed into the SIEM correctly.
  • Troubleshoot and resolve technical issues impacting event flow from log sources to SIEM. Identify and resolve technical and performance issues affecting log collection.
  • Assess clients’ log coverage and identify gaps where it would be useful to onboard security events to improve coverage and detection capability.
  • Develop custom parsers to extract required data from events, where the log source type is not supported by QRadar.
  • Maintain accurate and up-to-date architecture, configuration and operations documentation.
  • Experience developing SIEM content, i.e. rules, reports and dashboards
  • Exposure to attacker tactics, techniques, procedures and tools
  • Ethical hacking / penetration testing experience would be advantageous
  • Solid SQL query development experience, to be able to develop QRadar AQL
  • Ability to extract useful data out of security logs and transform this into value for SOC analysts and clients
  • Develop, test, implement and fine-tune rules to detect suspicious, malicious or abnormal activity that may indicate an attack or security policy violation in client environments.
  • Work with lead SOC analysts to develop rule response procedures, i.e. the SOC Analyst Playbook.
  • Work with SOC analysts to fine-tune detection rules to increase accuracy and reduce false positives.
  • Maintain and fine-tune user behaviour analytics (UBA) SIEM solution component.
  • Experience in integrating technologies / platforms
  • Experience in scripting, programming languages, web services, APIs, databases, etc.
  • Experience in writing robust code
  • Ability to identify repetitive manual tasks and automate them
  • Experience working with SOAR technologies would be advantageous but is not required
  • Improve SOC effectiveness and efficiency through use of automation, e.g. automating the collection of data for enrichment purposes.
  • Assist Portal and Service Desk development teams in accessing SIEM data via APIs.
  • Integrate external data feeds into the SOC.
  • Develop and fine-tune automated playbooks (using Security Orchestration, Automation & Response technology).
  • Deploy and maintain open source technologies used by the SOC, Managed Detection & Response (MDR) and Incident Response teams, e.g. incident tracking, indicators of compromise (IOC) repository, Yara rule repository, malware analysis sandbox, etc.

© 2019 Naukrijobs All Rights Reserved