Scope of Work:

• Assist in the implementation and management of Security Information and Event Management (SIEM) solutions to support security monitoring and threat detection efforts.
• Collaborate with senior team members to configure data sources, connectors, and log collectors for effective data ingestion into the SIEM platform.
• Learn to develop and maintain correlation rules, alerts, and dashboards to identify anomalies and potential security incidents.
• Participate in requirements gathering sessions with cross-functional teams to customize SIEM use cases according to security needs.
• Monitor SIEM dashboards and alerts, learning to identify and respond to security events and incidents in a timely manner.
• Contribute to the analysis of security logs and events, assisting in investigating suspicious activities and identifying patterns.
• Provide support to Tier-2 and Tier-3 analysts by offering preliminary analysis and contextual information for escalated incidents.
• Collaborate with senior engineers to review SIEM performance, assisting in fine-tuning configurations and rules for improved accuracy.
• Stay informed about evolving threat intelligence and security trends, integrating insights into SIEM rule refinement.
• Learn to assist in incident response activities, contributing SIEM log data for investigations and resolution.
• Work with IT teams to ensure proper data collection and normalization from various sources to enhance analysis.
• Support the creation and maintenance of documentation, playbooks, and procedures related to SIEM operations.
• Participate in security assessments and audits under the guidance of senior team members to evaluate SIEM effectiveness.
• Engage in training opportunities and knowledge-sharing sessions to expand understanding of SIEM functionalities.

Skills

Qualification:

• SIEM Platforms (e.g., Splunk, QRadar)

• Log Management

• Scripting (Python, PowerShell)

• Data Correlation

• Event Visualization

• Networking Protocols

• Security Event Monitoring

Certification (Optional but beneficial):

• CompTIA Security+
• Cisco Certified CyberOps Associate
• LogRhythm
• IBM QRadar
• Microsoft Certified: Cybersecurity Architect Expert