Experience: 10+ years
Work Location: DXB (Warsan, Meydan)
Expertise in
- SIEM (Splunk) expertise, deployment and continuous updates
- Experience creating playbooks (FortiSOAR)
- SIEM rule creation
- Creation of use cases (unlimited)
- Creation and integration of playbooks (unlimited) and customer parsers
- SOC policy & procedure enhancement
- DESC DCI-related integration
- Baselining and customization according to the customer environment, covering attack techniques mapped to MITRE ATT&CK
Job Description
- Responsible for interpreting and analysing alerts from detection systems, security intelligence devices such as IDS and IPS, firewall logs, application logs, network flow data and other relevant sources.
- End-to-end security incident triage, alerting the respective team and providing contextual information for attack mitigation and remediation.
- Taking ownership of security incidents until the issue is resolved and invoking the corresponding escalation process.
- Undertaking holistic analysis of security data to identify control weaknesses and gaps, and making recommendations for mitigation.
- Responsible for leveraging the available threat hunting tools and methodologies and providing feedback on improvements to drive change. In addition, the team monitors detection capabilities and team performance on an operational basis.
- Conducting an ongoing threat hunting campaign service aligned with contextual solutions driven by CUSTOMER requirements and cyber threat intelligence, with the help of the onsite threat hunting team.
- Work in partnership with Security Delivery teams to develop the tools and capabilities necessary to gather, process and interpret large volumes of log and event data.
- Create and maintain documentation, and support controls and quality assurance in line with the organization's standards.
- Responsible for maintaining the data and knowledge collected, consumed and generated by the CUSTOMER services.
- Develop highly extensible and scalable SIEM content services that can be adopted and integrated across a wide range of cybersecurity use cases.
- Configure and tune detection systems so that they accurately detect threats and raise relevant alerts from the infrastructure.
- Create, review and validate daily compliance reports to track business-as-usual and out-of-policy activities.
- Work with the CUSTOMER's Cybersecurity Incident Response Team and Threat Hunting Team to identify and implement content improvements.
- Provide input to the overall CUSTOMER security services architecture and governance model.
- Provide technical oversight, standardization and validation of the effectiveness of the CUSTOMER content service.
- Utilize capability modelling to align systems strategy and planning with business strategy and goals.
- Review the existing CUSTOMER systems architecture, identify gaps and work with relevant teams to enhance the productivity of the CUSTOMER systems.
- Consult with CUSTOMER architecture teams to identify when it is necessary to modify the technical architecture to accommodate infrastructure and security needs.
- Participate in the documentation of developed content, architecture and analysis work.
- Coordinate with internal department owners to initiate integrations with CUSTOMER systems, and support them with relevant information and an integration guide.
- Monitor and maintain integrations with the log sources and meet the operational SLAs of coverage.
- Develop a consolidated list of telemetry and asset information that will serve as the reference for the target integrations and coverage. A breakdown will be done by source type (e.g. security systems, OS, applications) and a relevant priority assigned to each asset.