IT - Lead Consultant, Infrastructure Security, Security Incident and Event Management (SIEM)
Hire IT People, LLC
Job Seekers, please send resumes to resumes@hireitpeople.com
Detailed job description:
Area of Responsibility:
• Assess SOC processes and identify improvement opportunities
• Assess SIEM use cases and identify gaps
• SPLUNK (SIEM) Level 2/3 activities
• Create use cases and implement them
• Document the improvement implementation plan
• Provide advisory services for IT security infrastructure and recommend solutions, where needed, for the following domains:
o Identity & Access Management
o Application Security & Vulnerability management
o Data Security & privacy
o Infrastructure/Cloud Security
o Security Operations center
• Coordinate efforts with technical stakeholders, including architects, business leads and various teams
• Planning and Reporting activities
Education Qualification:
• Bachelor’s degree or foreign equivalent required. Three years of relevant work experience will also be considered in lieu of every year of education.
• At least 8 years of experience with Information Security.
Knowledge and Skills:
• The ideal candidate has 8+ years of experience focused on SIEM/SOC operations, network security architecture, firewalls, VPN, etc.
• Hands-on experience with SPLUNK, Cisco/Palo Alto firewalls, endpoint security, etc. is a must
• Good understanding of Splunk architecture. Knowledge about various components (indexer, forwarder, search head, deployment server).
• Installation and configuration of all SPLUNK components
• Hot, warm, cold and frozen bucketing; field extraction using IFX, the rex command and regex in configuration files
• Knowledge of the EXTRACT keyword and sed
• Knowledge of search commands such as stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc.
• Difference between eventstats and stats
• Timechart attributes such as span and bins
• Creating dashboards and reports using XML; inline search vs. scheduled search in a dashboard
• Various types of charts; knowledge of app creation and user and role access permissions
• Creating and managing apps; creating users and roles
• Permissions on knowledge objects
• Techniques for optimizing searches for better performance
• Search-time vs. index-time field extraction
• CISSP, CISM, CISA, CEH or other information security certifications are preferable but not mandatory