SOAR - SIEM Lead
1 week ago
**General**
- Perform SIEM and SOAR product support and implementation.
- Working knowledge of SIEM query languages such as KQL, AQL, SPL, etc.
- Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/SOAR platforms.
- (optional) Perform all administration, management, configuration, testing, and integration tasks related to log management, syslog-ng, Splunk, Big Data/Hadoop, and associated platforms, including content creation and maintenance.
- Develop information security and incident response workflows, procedures, and best practices, and publish them as playbooks in the SOAR platform.
- Collect data from various systems/servers, manage forwarders, and create and manage SIEM apps.
- On-board new log sources, performing log analysis and parsing to enable SIEM correlation.
- Create and develop correlation and detection rules, using regex, within the SIEM to support alerting capabilities within the Threat Management Center.
- Assist with client setup, transition, and onboarding; serve as primary point of contact for Managed Security Service clients.
- Develop internal training methods to support Managed Services clients.
- Perform capacity planning and management tasks on a regular basis.
- Work with clients on data onboarding and on writing alerts and dashboards using Search Processing Language (SPL), KQL, or AQL.
- Act as a point of escalation for other engineers in the incident response team, providing guidance and mentoring.
- Create technically detailed reports on the status of the SIEM, including metrics such as number of logging sources, log collection rate, and server performance.
**Additional / Optional**
- Bachelor's degree in a related discipline or equivalent experience
- Minimum of 5 years of experience in IT security
- Minimum of 2 years of experience in SIEM and SOAR implementation and support
- Hands-on experience with information security tools such as SIEMs, firewalls, IDS/IPS, EDR, sandboxes, vulnerability management, etc.
- Experience in QRadar, Splunk, or Sentinel administration and analytics development for information security, event triage, and incident analysis
- Strong knowledge of frameworks such as the Cyber Kill Chain and adversary Tactics, Techniques, and Procedures (TTPs)
- Experience implementing any SIEM/SOAR platform such as XSOAR, QRadar, or the Splunk platform
- Experience in implementation and support of any major SOAR platform and in developing playbooks for automation
- Expertise in writing Splunk searches, Splunk infrastructure, and content/use-case development; well-versed in Splunk architecture and design
- Experience in Splunk GUI development: creating Splunk apps, searches, data models, dashboards, and reports using the Splunk query language
- On-board new content necessary to implement security use cases and transform it into correlation queries, templates, reports, rules, alerts, dashboards, and workflows
- Experience with regular expressions and with using them for data retrieval
- Experience performing maintenance and optimization of existing Splunk deployments
- Strong knowledge of Windows, Linux, and UNIX operating systems
- Hold IBM / Cortex / Sentinel / Splunk platform-related certifications
- Hold relevant security domain certifications such as Security+, CEH, OSCP, CISSP, CISM, GIAC GCIH
**Education & Certification**
- Minimum Bachelor's degree (Engineering / Computer Science / Computer Application) or equivalent. A Master's degree in IT Security / Cyber Security is preferred.
- Certifications such as CompTIA Security+, ISC2 CISSP, or vendor / OEM certifications on EVM, EDR, SIEM, SOAR, or equivalent are preferred.
**Experience**
- 2 - 7 years (experience with Govt / Semi-Govt / other Govt agencies preferred)