Senior Engineer

Job Description:

Job Title - CSA SIEM Admin (Chronicle, Sentinel and Splunk )

Location - Pune

Role Description

The COO Chief Information Security Office (CISO) is responsible for addressing information security risks to the Deutsche Bank global IT, as a Security Engineer-AVP, you will play a key technical role in our SIEM Operations team within the Global Cyber Security Engineering & Architecture organization. You will be part of a global SIEM admin/operations team. SIEM Administrator will be responsible for maintaining SIEM(Chronicle, Sentinel and Splunk) instances by making sure all SIEM deployment devices are working properly, efficiently and with desired performance. SIEM Administrator main duties and responsibilities: managing user access, verifying availability, monitoring database loads, managing application performance, capacity and availability, monitoring disk space, verifying log continuity and log management reports, application problem determination/problem source investigation, monitoring SIEM system patches and upgrades, installing application patches as needed, verifying data collection, verifying backups are running and complete.

What we’ll offer you

As part of our flexible scheme, here are just some of the benefits that you’ll enjoy

• Best in class leave policy
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above

Your key responsibilities

• Engineer, implement & support SIEM platforms (Chronicle, Sentinel & Splunk)
• Incident & Problem Management, Change & Release Management, Vendor Management, Capacity Management functions for the platform
• Provide production support for the platform as part of the team to ensure smooth operations, system function & system health
• Proficiency developing log ingestion and aggregation strategies
• Hands-on experiences with Sentinel SIEM administration, Configuration, and management of solutions.
• Experience with policy tuning, customization, implementation of best practices, determine specific value driven use cases, and fully integrate the solution into the environment.
• Good understanding about terraform & deployments.
• Understanding of MITRE ATT&CK and NIST Cyber Security Frameworks standards and implement on DB SIEM (Chronicle, Sentinel and Splunk).
• On-board new data sources into Chronicle, Sentinel analyze the data for anomalies and trends and build dashboards highlighting the key trends of the data.
• Contribute to product architecture, engineering & roadmap for the multi SIEM platform
• Develop security-focused content for Chronicle/Sentinel, including creation of complex threat detection logic and operational dashboards
• Work with cross-functional teams to proactively improve on existing integration automation/workflows.
• Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and cyber security best practices.
• Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.
• Passionate about data to drive information-based security analytics
• Manage backend functionalities for Chronicle
• Work with end users to understand and define the requirements
• Recommend GCP best practices for implementation
• Create Operational Documents for process

Your skills and experience

The candidate must have Degree in Computer Science, Engineering, Information Technology, Cybersecurity or related field and a minimum of 10+ years of experience in with recent experience in Security engineering, system administration, network engineering, software engineering/development with a focus on Cybersecurity.

• 10+ years of IT engineering experience with recent experience in building and managing infrastructure and security platforms
• 6+ years of Experience implementing, architecting and administering SIEM platforms like Chronicle, Sentinel, Splunk, ArcSight, Qradar etc., for a large global organization
• Knowledge of GCP services and data ingestion from those services into SIEM. 
• Experience developing in XML, Bash, Python, and PowerShell scripts
• Experience with automation platforms such as Ansible
• Nice to have DevOps/Terraform Engineering experience
• Independent, self-motivated, proactive approach to problem solving and prevention.
• Excellent written and verbal communication skills.
• Passionate about cyber security and the aptitude to identify and solve security problems.
• Hands on Experience with GCP platform, managing various configurations to enable & manage Chronicle/Sentinel/Splunk
• Understand SIEM technologies

How we’ll support you

• Training and development to help you excel in your career
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs

About us and our teams

Please visit our company website for further information:

https://www.db.com/company/company.htm

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.

We welcome applications from all people and promote a positive, fair and inclusive work environment.