Senior IT Security Analyst - SIEM Administration

Your Skills :

• Significant experience in SOC, CERT, or CSIRT environments, with expertise in SIEM administration, threat hunting, detection engineering, and incident response.
• Strong expertise in configuring, optimizing, and maintaining Microsoft security products, including Sentinel, Defender for Cloud, Endpoint, Identity, Office 365, Exchange, and Azure Active Directory.
• Proficiency in log sources onboarding in SIEM, log management, developing consolidated security dashboards and developing Playbook to support continuous monitoring.
• Proficiency in creating and simulating hypothetical threat scenarios to anticipate and combat potential attack vectors.
• In-depth understanding and practical application of the MITRE ATT&CK framework for mapping detection rules and identifying attacker tactics, techniques, and procedures (TTPs).
• Practical knowledge of security technologies, including firewalls, IDS / IPS, SIEM, endpoint detection, anti-malware, and vulnerability assessment tools.
• Solid understanding of networks, cloud infrastructures, operating systems (Windows, Linux), and evolving cyberattack methods.
• Experience in correlating threat intelligence feeds with detection engineering to identify and mitigate advanced threats.
• Proven ability to analyze large volumes of security logs and data to craft precise, high-fidelity detection rules while reducing false positives.
• Excellent communication and collaboration skills to effectively share findings and work with cross-functional teams.
• Passionate about proactive cybersecurity measures, with a strong desire to stay updated on emerging threats and Behaviors :
• A high level of collaboration skills with other cross functional global teams.
• Confidence in expressing your ideas and input to the team.
• Open to learn and work on different / new technologies.
• Agile in nature.
• Self-motivated and and Responsibilities : -

Incident Response and Collaboration :

1. Collaborate with SOC, CERT, or CSIRT teams for effective incident monitoring and response.

2. Investigate and respond to cybersecurity incidents, including forensic analysis of attack patterns.

SIEM Administration :

1. Provide ongoing support for SIEM Architecture, ensuring efficient log ingestion, parsing, and normalization to enhance threat visibility and detection capabilities.

2. Designed and customized automated playbooks and interactive dashboards in SIEM to meet specific security monitoring and incident response requirements.

Threat Intelligence Analysis :

1. Gather, process, and analyze threat intelligence feeds to identify emerging threats.

2. Proactively communicate relevant threat scenarios and provide actionable insights.

Threat Detection Development :

1. Develop and fine-tune advanced KQL queries and analytics rules in Microsoft Sentinel to detect sophisticated attack vectors.

2. Build and test hypothetical threat scenarios to enhance threat detection capabilities.

3. Optimize detection systems to minimize false positives and maximize precision.

Incident Response and Collaboration :

1. Collaborate with SOC, CERT, or CSIRT teams for effective incident monitoring and response.

2. Investigate and respond to cybersecurity incidents, including forensic analysis of attack patterns.

Security Tool Management :

1. Configure, monitor, and maintain security tools such as SIEM (Microsoft Sentinel), Defender for Cloud, antivirus solutions, and consolidated security dashboards.

Continuous Improvement :

1. Participate in developing and implementing security concepts, hardening guidelines, and monitoring systems.

2. Perform penetration tests, vulnerability assessments, and audits to ensure robust security measures.

3. Contribute to the creation and refinement of SOC policies, processes, and Desirable Certifications :

(ref : hirist.tech)