T & T : Cyber: Cyber Defense & Resilience: Deputy Manager SIEM /Sentinel

JD:

Preferred Knowledge Demonstrates proven expertise and success managing project workstreams in a security, controls, or information security management environment. Should have the following skills: • Excellent communication and presentation skills • Analytical and problem-solving skills • Proven ability to implement, manage and optimize SIEM platform. • Experience in designing, configuring, and maintaining SIEM platform to protect sensitive data, prevent unauthorized access, and respond to cyber threats effectively. • Should have experience on multiple SIEM platforms. • Knowledge of the latest security threats, vulnerabilities, and industry trends. Proven expertise in implement both on-premise and cloud native platforms.

Roles & Responsibilities

Strong experience in implementation of SIEM platform, log source integration, SOAR integration, UBA, and use case management. Expert knowledge in SOC Implementation Services and Incident response. Strong knowledge in SOAR and UEBA. Working knowledge of ITSM tools, ServiceNow preferred.

Ability to onboard new log sources on both on-premises and cloud-native SIEM platforms and troubleshoot issues related to log collection, including syslog and API-based mechanisms, performance, connectivity, etc. Architect and design solutions to meet functional security requirements in Azure Sentinel, will be an added advantage. Develop a deep understanding of how customers use the Azure Sentinel platform or other SIEM platforms across Azure and M365 workloads. Create and review Azure Sentinel / QRadar architecture and solution design artifacts. Should have hands-on experience in developing complex use cases using AQL/KQL. Perform security analyst operations within Azure Sentinel, including incident response and remediation. Drive strategic and complex projects with critical dependencies. Engage directly with customers at the CIO/CTO level, support executive briefings and innovation partnerships. Develop, update, and manage PowerShell scripting for automation. Coach and mentor team members on client interaction and work delivery. Knowledge of security frameworks such as ISO/IEC 27001, NIST 800-53, OWASP, ISM. Should understand Azure security services, including Azure Security Center, Azure Sentinel, Azure Active Directory, Azure Firewall, Azure Virtual Networks, and Azure Key Vault. Should have good understand of SIEM migration. Collaborate with security teams to gather requirements and translate them into effective SIEM configurations. Configure data connectors to ingest security data from various sources. Develop and implement playbooks, rules, and alerts for security incident detection and response. Create custom dashboards and reports for organization-wide security visibility. Integrate SIEM platform with other security tools for enhanced threat detection and response. Monitor and troubleshoot performance issues in the SIEM platform. Stay updated with the latest security threats and best practices for improving the Sentinel environment.

Preferred Educational Qualification

Bachelor’s/Master’s Degree

Certifications: Must have certifications such as Az500, SC200, MS500, and other Security Certifications. Knowledge of security frameworks such as ISO/IEC 27001, NIST 800-53, OWASP, ISM.