Lead SIEM Engineer

Company Description

Resillion is a global company with end-to-end capabilities: no matter your industry, your geographical location, or stage in your digital journey. With offices in North America, Europe, and Asia, Resillion will be by your side. Helping you and your organization realize your ambitions in cyber security, testing of digital media content and quality assurance.

Whether, testing, certification, (software) development, cyber security, or data-protection, the experts at Resillion do whatever it takes. We work as long and hard as necessary to get you to market. 

Job Description

Title: Lead SIEM Engineer/ SOC Engineering Lead

Experience Range: 9-14 Years 

Location: Bangalore

About You:

• The successful candidate will be a passionate information security professional with the ability to communicate to different business and IT leaders.
• The candidate will demonstrate drive, intelligence, maturity, and energy and will have a proven dedicated desire and attitude towards Information security related topics.
• The ideal candidate thrives in a fast-paced environment, with a strong preference for technical, hands-on work. They should also possess a keen aptitude for mentoring and coordinating the efforts of other engineers, enhancing team performance and cohesion.
• The candidate will exhibit a customer-focused mindset, employing a consultative approach to understand and meet client needs effectively, thereby ensuring superior service and support in all interactions.

Key responsibilities

• Provide leadership and supervision to the SOC Engineering team ensuring tasks and projects are organised and completed to a high standard.
• Deploy and configure Microsoft Sentinel solutions for our customers, in support of enabling our Managed SOC services.
• Interact with customers and technical service leads to understand their business challenges and desired outcomes.
• Develop technical solutions to automate repeatable tasks, including Sentinel Workbooks and Logic Apps.
• Research, design, and implement cyber security solutions including but not limited to the Microsoft Security stack.
• Drive the review and update of client supporting documentation such as cyber security policies, architectures, standards, and playbooks.
• Conduct ongoing research around the threat landscape, including threat actors, TTPs and develop analytical rules, IR actions, investigation strategies and tooling.
• Support the SOC Team investigate and respond to client cyber security incidents taking an active role in incident response management.
• Ensure each customer’s operational health is maintained and respond to all platform requests within agreed SLAs.
• Liaise with Account Managers across the business and assist with the presentation of SOC Monitor technology demonstrations to both current and prospective customers.

Required skills:

• Outstanding written and verbal communication skills in English, essential for effective collaboration and client engagement.
• Substantial experience in a customer-facing role, effectively communicating with diverse stakeholder groups.
• Demonstrated leadership in managing and guiding technical teams.
• Extensive experience within a Managed Security Service Provider (MSSP) environment.
• Advanced proficiency in SIEM, EDR, and EPP, with technical expertise in solutions including Microsoft Sentinel, Elastic, and CrowdStrike Falcon.
• Expertise in creating, tuning, and managing SIEM analytical rules to optimise threat detection and response capabilities, ensuring the efficacy and efficiency of security monitoring systems.
• A robust understanding of query and scripting languages such as KQL, Python, PowerShell, and RegEx, enhancing operational efficiency.
• Significant experience in leading responses to major security incidents.
• Comprehensive knowledge of Windows, Linux, and cloud technologies, particularly Microsoft Azure and Office 365.
• Proven ability in analysing complex data, making strategic recommendations, and presenting findings to client and management teams as part of continuous service improvement initiatives.
• Detailed understanding of attack vectors, skilled in distinguishing between normal and anomalous activities, and adept at recommending countermeasures and remediation strategies.
• Experience collaborating with penetration testers and Red Team members in conducting Purple Teaming events.

Qualifications

• Degree in Computer Science, Information Security, or a related field – Must have.
• SC-200 Microsoft Security Operations Analyst – Must have.
• AZ-500 Microsoft Azure Security Technologies – Must have.
• SC-100 Microsoft Cybersecurity Architect – Highly desirable.
• CompTIA Security+ SY0-601 – Desirable.
• Certified Ethical Hacker (CEH) – Desirable.
• GIAC Security Essentials (GSEC) – Desirable.
• GIAC Certified Incident Handler (GCIH) – Desirable.