Scope of Work:
- Assist in the implementation and management of Security Information and Event Management (SIEM) solutions to support security monitoring and threat detection efforts.
- Collaborate with senior team members to configure data sources, connectors, and log collectors for effective data ingestion into the SIEM platform.
- Learn to develop and maintain correlation rules, alerts, and dashboards to identify anomalies and potential security incidents.
- Participate in requirements gathering sessions with cross-functional teams to customize SIEM use cases according to security needs.
- Monitor SIEM dashboards and alerts, learning to identify and respond to security events and incidents in a timely manner.
- Contribute to the analysis of security logs and events, assisting in investigating suspicious activities and identifying patterns.
- Provide support to Tier-2 and Tier-3 analysts by offering preliminary analysis and contextual information for escalated incidents.
- Collaborate with senior engineers to review SIEM performance, assisting in fine-tuning configurations and rules for improved accuracy.
- Stay informed about evolving threat intelligence and security trends, integrating insights into SIEM rule refinement.
- Learn to assist in incident response activities, contributing SIEM log data for investigations and resolution.
- Work with IT teams to ensure proper data collection and normalization from various sources to enhance analysis.
- Support the creation and maintenance of documentation, playbooks, and procedures related to SIEM operations.
- Participate in security assessments and audits under the guidance of senior team members to evaluate SIEM effectiveness.
- Engage in training opportunities and knowledge-sharing sessions to expand understanding of SIEM functionalities.
Skills and Qualifications:
- SIEM Platforms (e.g., Splunk, QRadar)
- Log Management
- Scripting (Python, PowerShell)
- Data Correlation
- Event Visualization
- Networking Protocols
- Security Event Monitoring
Certification (Optional but beneficial):
- CompTIA Security+
- Cisco Certified CyberOps Associate
- LogRhythm
- IBM QRadar
- Microsoft Certified: Cybersecurity Architect Expert