Consultant | Security Information and Event Management (SIEM) | Delhi | Cyber Defense & Resilience
Delhi, IN
Deloitte
Position Title: L1 Engineer
Department: Security Operations
Experience required: 2-4 Years | Consultant
-----------------------------------------------------------
Position Overview:
We are seeking a detail-oriented and proactive LogRhythm L1 Engineer to join our security operations team. As a Level 1 Engineer, you will be responsible for monitoring, triaging, and responding to security events and alerts using the LogRhythm Security Information and Event Management (SIEM) platform. You will play a critical role in identifying potential security incidents, ensuring timely escalation, and supporting the team in maintaining an effective security posture.
Key Responsibilities:
- Log Monitoring and Event Analysis:
  - Monitor and analyze security event logs from various systems, devices, and applications via the LogRhythm SIEM platform.
  - Respond to and investigate security alerts generated by LogRhythm, assessing the severity and impact.
  - Identify and escalate potential security incidents based on predefined criteria, ensuring appropriate action is taken.
- Incident Triage and Response:
  - Perform initial analysis on security alerts to determine if they are false positives or require further investigation.
  - Classify incidents based on their severity and impact, following standard operating procedures for escalation.
  - Collaborate with higher-level engineers and security teams to investigate and resolve security events.
- Reporting and Documentation:
  - Maintain accurate and timely documentation of security events, incidents, and actions taken.
  - Assist in generating daily, weekly, and monthly security reports for internal stakeholders.
- LogRhythm Platform Management:
  - Assist in the maintenance and configuration of LogRhythm SIEM, ensuring proper data ingestion, parsing, and normalization of logs.
  - Support continuous improvement of detection and alerting capabilities by working closely with senior engineers to refine detection rules, correlation rules, and use cases.
- Collaboration and Communication:
  - Work closely with other security engineers, SOC analysts, and incident response teams to ensure effective incident resolution.
  - Communicate findings clearly and effectively to both technical and non-technical stakeholders.
- Knowledge Sharing and Development:
  - Stay up to date with the latest security trends, vulnerabilities, and technologies to enhance the organization's security monitoring capabilities.
  - Participate in training and development to increase expertise in security operations and the LogRhythm platform.
Skills & Qualifications:
- Technical Skills:
  - Hands-on experience with LogRhythm or other SIEM platforms (such as Splunk, QRadar, or ArcSight) is highly desirable.
  - Basic knowledge of networking protocols (TCP/IP, HTTP, DNS, etc.), firewalls, intrusion detection/prevention systems (IDS/IPS), and other security technologies.
  - Familiarity with common security tools, including antivirus, EDR, and vulnerability management tools.
- Experience:
  - Prior experience in a Security Operations Center (SOC), IT security, or incident response role is preferred, but not required.
  - Experience in event log analysis and understanding of common attack vectors and techniques.
- Soft Skills:
  - Strong analytical and problem-solving skills.
  - Excellent communication skills, both verbal and written.
  - Ability to work effectively under pressure and handle multiple tasks simultaneously.
- Certifications (Preferred but not required):
  - CompTIA Security+, CEH, or similar certifications.
  - LogRhythm Certified Security Analyst or other SIEM-specific certifications are a plus.
Education:
- Bachelor of Technology in Computer Science, Information Security, or a related field, or equivalent work experience.
Perks/benefits: Team events