Platform Support Engineer I Cyber Security

Year    Thiruvananthapuram, Kerala, India

Job Description


Role Proficiency:

Provide support to SIEM or EDR specific technology for global customers, ensuring the platform is maintained and is functioning as expected. Independently conduct checks and resolve issues for global customers.

Outcomes:

  • Further investigation based on health checks undertaken of multiple customers for the specified SIEM or EDR type, escalating issues observed accordingly to a team member if appropriate to identify problematic areas with the platform.
  • Assist with service requests for platform types, such as access requests, as well as more targeted requests for specific modules on the platform, such as dashboard creation and query support.
  • Investigate larger issues to ensure optimal service for internal and external stakeholders.
  • Provide assistance with maintenance activities to help improve understanding of the architecture of platforms supported, as well as self-study building proficiency for toolsets supported.
  • Generate relevant reporting as required for platforms being supported on a regular basis to ensure internal and external reporting requirements are met.
  • Ensure in-life requests are being actioned in a timely manner for self as well as in junior roles to ensure effective maintenance and management of the customer platform.
  • Provide support where required to other platform engineers to help them ensure that requests and issues are rectified with a focus on the customer impact.
  • Provide supervision and guidance to junior members of the team.

Measures of Outcomes:

  • Percent of adherence to processes and methodologies
    a. Percent of adherence to SLAs for in-life ticketing processes
    b. Percent of adherence to workflows and completeness of audit trails for activities undertaken
  • Productivity score maintained
    a. Number of issues identified early in the event of issues delivering tasks or workload
    b. Number of issues with effective evidence provided for escalations during triage
  • Number of opportunities to enhance change documentation, ensuring processes remain relevant for the broader team
  • Number of relevant skill related training and development activities undertaken, evidenced by certification
  • Number of opportunities identified to alert and improve, helping to reduce false positives

Outputs Expected:

Technical Expertise:

  • Demonstrate comprehension and experience in the specific SIEM or EDR platform that the Engineer is working on.
  • Comfortable with and awareness of platform types across the range of customers being supported.
  • Use technology to identify, with the ability to implement, technical solutions to issues with queries/rules/dashboards/data feeds.
  • Provide support to junior members.

Platform Management - Incident and Requests:

  • Provide accurate updates to appropriate Service and Change Requests, ensuring audit trails are preserved and SLAs are achieved.
  • Take the lead identifying issues with the specified platform type or supporting infrastructure.
  • Proactive identification of issues with behavioural analysis/patterns identified, with suggestions for resolutions.
  • Provide support to junior members.

Stakeholder Focus:

  • Ensure relevant reporting metrics of customer information are provided in a timely manner and engage with customer/TAM/Project team where required.
  • Ensure customer specific processes are being followed.
  • Undertake mandatory and proactive learning and development opportunities.

Skill Examples:

  • Good communication skills
  • Skill in being prepared to undertake background check/validation to ensure integrity
  • Ability to perform unsupervised with the assigned SIEM or EDR technologies
  • Capacity to work from the command line as well as user interface
  • Able to work with multiple querying languages
  • Aptitude in working with querying data and the role of a SIEM/EDR
  • Ability to show analytical skills working across multiple technologies and customers

Knowledge Examples:

  • Experience working with Security Operations and/or EDR/SIEM Platform Management roles
  • A deep understanding of the workings of supported toolsets and technologies
  • Knowledge of IT infrastructure and basic networking concepts
  • Knowledge of creation of detection rules as well as improving and enhancing SIEM/EDR
  • Understanding of ISMS
  • Desirable: Certifications in IT infrastructure / SIEM / EDR / Ethical Hacking
  • Desirable: Academic qualifications and/or relevant work experience in lieu of qualification

Additional Comments:

The SIEM Expert will be part of CyberProof's SOC group, focusing on SIEM technologies. The role requires a details-oriented professional who will provide SIEM support to our pre-sales teams and support the delivery of SIEM solutions to our customers.

The SIEM Expert will be called upon to understand the customer requirements and recommend the appropriate SIEM solution to meet those requirements. The SIEM Expert will support the SIEM solution with Architecture and Design documentation.

This role is an excellent opportunity for an individual with strong technical, communication, and customer facing skills.

WHAT YOU WILL BE DOING:

  • Understand customer requirements and recommend best practice SIEM solutions
  • Offer consultative advice in security principles and best practices related to SIEM operations
  • Develop new SIEM rules, correlations and dashboards to meet the customer needs
  • Design and document a SIEM solution to meet the customer needs
  • Assist in the creation and verification of Statement of Work (SOW) documentation
  • Assist pre-sales with SIEM sizing, architecture, RFPs and client technical meetings
  • Deploy and configure the SIEM platform as per vendor guidelines and industry best practices
  • Assist the client with technical guidance to configure end log sources in scope to be logged to the SIEM
  • Verification that data of log sources in the SIEM follows the Common Information Model (CIM)
  • Document the build of the SIEM solution

Requirements:

  • Experience with the Azure Sentinel SIEM platform
  • University degree in information security or equivalent work experience
  • Minimum 4 years of experience in a similar role
  • Preferred: SIEM vendor certification of administrator
  • Experience and proficient in UNIX/Linux

Job Detail

  • Job Id
    JD3050119
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Thiruvananthapuram, Kerala, India
  • Education
    Not mentioned
  • Experience
    Year