SIEM Engineer

Pune

Qualys

Discover how Qualys helps your business measure & eliminate cyber threats through a host of cybersecurity detection & remediation tools. Try it today!


Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Job Description - As a SIEM Engineer, you will hold a pivotal position within our SIEM Engineering & Administration team. Your primary responsibility will be to fortify the security infrastructure of Qualys by meticulously managing and optimizing the Elastic Stack environment, which includes the Elasticsearch, Kibana, Beats, and Logstash components. Your expertise will be instrumental in ensuring the confidentiality, integrity, and availability of our critical data.

Responsibilities:

Comprehensive knowledge of defining alert logic and writing security use-cases with a focus on threat detection and incident response.

Continuously evaluate and improve the performance and efficacy of the SIEM by tuning existing rules and integrating new data sources.

Participate in regular incident postmortem exercises, with a focus on deficiencies requiring additional attention.

Expertise with SIEM systems and security log analysis and event correlation.

Detailed technical experience with Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), attack methodologies and traffic flows for threats and vulnerabilities.

Contribute expertise in the following areas: threat hunting, red/blue team engagements, threat intelligence, data analysis, risk management, governance to a global team.

Leverage Risk Based Analytics to prioritize and manage security events based on risk scores to enhance effectiveness and accuracy of threat detection and response.

Conduct threat research and threat hunting to identify emerging tactics, techniques, and procedures (TTPs) and build detection requirements using an intelligence-driven approach.

Partner with the security engineering team to mature monitoring and response capabilities.

Design automated workflows, develop automated security response playbooks and integrate security technologies with SOAR platforms.

Own the development and operation of automation and orchestration tools to reduce manual tasks.

Stay ahead of, and remain knowledgeable about, new threats and tactics. Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large network of devices and end-user systems.

Provide security guidance on existing and emerging cyber security threats.

Knowledge of cloud platforms (AWS, Azure, GCP, OCI).

Qualifications:

1–3 years of experience in cybersecurity writing security use-cases.

Ability to leverage various technologies in a fast-paced team, including Sigma, YARA, Elasticsearch, Git and Python.

Experience with SOAR tools

Detailed understanding of security architecture principles and best practices.

In-depth understanding of Windows operating systems administration

In-depth understanding of networking or network administration

Previous experience conducting adversary emulation

Previous experience using cyber intelligence analysis or threat intelligence reports

Knowledge or application of the MITRE ATT&CK Framework

Basic experience with anomaly detection based on security systems

Basic experience using an IDS, e.g., Snort.

Basic command of Linux systems administration and working with Bash.

Hands-on experience configuring Windows or Linux system logging.

Basic understanding of networking including TCP/IP

Basic experience with network monitoring and packet analysis tools

Basic understanding of HTTP, SSL/TLS, SOAP, and reverse proxies

Basic understanding of the OWASP Top 10

Basic knowledge of threat vectors against the Windows or Linux platform


Perks/benefits: Team events

Region: Asia/Pacific
Country: India
