Description
Hi,
Below is the complete JD for this role:
SOC Lifecycle Management
- 3-5 years' experience in security operations (L2/L3 Analyst + SIEM onboarding)
- Focus on Use Case Definition, Design, Deployment, and Diagnosis.
- Be the connectivity between SOC Analysts, Tools, Platform Support, CyberSecurity, and Technology owners
- Focused so as not to be distracted by Incidents
- Track status and progress with formal processes. Report on progress

Skills Required
- Knowledge of the Security Incident process
- Knowledge of security tools, logs, and SIEM
- Organized and able to track complex projects
- Able to create clear, concise documents and processes
- Manage the SIEM Use Case/Rule life cycle management process
- Day-to-day operations/health checks in relation to (non-exhaustive):
  - Monitor the Data Model skipped searches rate, auditing it regularly
  - Collect assets and identities from all the proper sources, reformulate them into a proper format, and get them used adequately by ES
  - Creation and maintenance of Correlation Searches:
    - Manage the performance impact of the number of concurrently executing correlation searches
    - Create adaptive responses in line with the client's needs
  - Collect and transform Threat Intelligence Feeds for ES utilization
  - Create Technical Add-ons for the client's sources that are not yet CIM-mapped
  - Configure known accounts, administrative identities, domains, interesting ports, scanners, etc.
- Ensuring best practices are applied within SIEM and Splunk Enterprise:
  - Making use of accelerated data models for ES rules
  - Configure correlation searches with summaries only
  - Manage Splunk roles on ES to make sure the proper capabilities are set for the proper users, and no more than those
  - Create Macros that will provide the abstract categorizations the client requires to get in-context results
  - Equip the SOC team with the tools of Investigations, Swimlanes, and Glass Tables
  - Use existing rules, update the set of rules with newly released ones, and align with the client on custom scenarios in Correlation Searches
  - Align Priority and Severity of Assets and Identities with the client. Monitor Risk, analyse it, and configure it