SIEM Engineer
Pune
Qualys
Discover how Qualys helps your business measure & eliminate cyber threats through a host of cybersecurity detection & remediation tools. Try it today!Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Job Description - As a SIEM Engineer, you will hold a pivotal position within our SIEM Engineering & Administration team. Your primary responsibility will be to fortify the security infrastructure of Qualys by meticulously managing and optimizing the Elastic Stack environment. This includes Elastic Search, Kibana, Beats, and Logstash components. Your expertise will be instrumental in ensuring the confidentiality, integrity, and availability of our critical data.
Responsibilities -:
Comprehensive knowledge in defining alert logic and write security use-cases with a focus on threat detection and incident response.
Continuously evaluate and improve the performance and efficacy of the SIEM by tuning existing rules and integrating new data sources.
Participate in regular incident postmortem exercises, with a focus on deficiencies requiring additional attention.
Expertise with SIEM systems and security log analysis and event correlation.
Detailed technical experience with Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), attack methodologies and traffic flows for threats and vulnerabilities.
Contribute expertise in the following areas: threat hunting, red/blue team engagements, threat intelligence, data analysis, risk management, governance to a global team.
Leverage Risk Based Analytics to prioritize and manage security events based on risk scores to enhance effectiveness and accuracy of threat detection and response.
Threat research and threat hunting to identify emerging tactics, techniques, and procedures (TTPs) to build detection requirements using an intelligence driven approach
Partner with the security engineering team to mature monitoring and response capabilities.
Design automated workflows, develop automated security response playbooks and integrate security technologies with SOAR platforms.
Own the development and operation of automation and orchestration tools to reduce manual tasks.
Stay ahead of, and remain knowledgeable about, new threats and tactics. Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large network of devices and end-user systems.
Provide security guidance on existing and emerging cyber security threats.
Knowledge of Cloud platforms (AWS, Azure, GCP,OCI)
Qualifications -:
1–3 years of experience in cybersecurity on writing security use-cases
Leverage various technologies in a very high paced team including: Sigma, Yara, ElasticSearch, Git and Python.
Experience with SOAR tools
Detailed understanding of security architecture principals and best practices.
In-depth understanding of Windows operating systems administration
In-depth understanding of networking or network administration
Previous experience conducting adversary emulation
Previous experience using cyber intelligence analysis or threat intelligence reports
Knowledge or application of the MITRE ATT&CK Framework
Basic experience with anomaly detection based on security systems
Basic experience using an IDS eg., Snort
Basic command of Linux systems administration and working with BASH
Hands on experience configuring Windows or Linux system logging
Basic understanding of networking including TCP/IP
Basic experience with network monitoring and packet analysis tools
Basic understanding of HTTP, SSL/TLS, SOAP, and reverse proxies
Basic understanding of the OWASP Top 10
Basic knowledge of threat vectors against the Windows or Linux platform
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Automation AWS Azure Bash Blue team Cloud Elasticsearch GCP Governance IDS Incident response Intrusion detection Intrusion prevention IPS Linux Log analysis MITRE ATT&CK Monitoring OWASP Python Qualys Risk management SIEM Snort SOAR TCP/IP Threat detection Threat intelligence Threat Research TLS TTPs Vulnerabilities Windows
Perks/benefits: Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.