Vacancy expired!
- Perform QRadar configuration management, troubleshooting, addressing complex issues including day to day operations management related to QRadar.
- Log sources integration and onboarding including custom parser development and tuning. Develop scripts to simplify data collection and automate data onboarding tasks.
- Perform QRadar architecture assessments, design reviews and come up with areas of improvements.
- Coordinate with Content engineers, Threat Management, TIA and Threat Hunting to support advanced Use Case development.
- Help maintain content development/deployment baseline across clients based on the maturity of the client environment as well as the latest trends in security.
- Create a Use Case pipeline per client environment and business needs, based on industry-leading standards, best practices and frameworks (such as MITRE ATT&CK).
- Deliver SIEM advisory support and education to other SOC and technology management personnel.
- Help define, implement and monitor key risk indicators and key performance indicators (KRIs/KPIs).
- Keep abreast of latest IT security, regulatory and compliance trends to support various risk and data models.
- Review system security plans, network diagrams, and vulnerability and patching requirements.
- Perform quality review of HLUC, TUC, Use Case Testing, Parser, Runbooks and other Technical documents.
- Submit documentation through the Quality Review Management process.
- Provide 24/7 on-call support (as needed).
- Mentor and train Junior SIEM Engineers.
- Coordinate with various technical groups and attend in-person client meetings.
- Build relationships with client counterpart (i.e. Client Lead Security Engineer).
- Adhere to internal operational security and other Deloitte policies.
- Participate in short term project work as assigned.
- Bachelor of Engineering or Science in Computers, Information Systems, Information Security, Math, Decision Sciences, Risk Management, or other business/technology disciplines, or equivalent work experience
- 4+ years' experience in security information and/or technology engineering support.
- Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent
- Able to support rotating shifts to support 24x7 operations
- Extensive experience in security technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc.
- Knowledge of Advanced Persistent Threat (APT) tactics, techniques and procedures
- Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
- Understanding of common network infrastructure devices such as routers and switches
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
- Detailed knowledge in system security architecture and security solutions
- Travel up to 50% (While 50% of travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice).
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
- Excellent interpersonal and organizational skills
- Excellent oral and written communication skills
- Strong analytical and problem-solving skills
- Self-motivated to improve knowledge and skills
- A strong desire to understand the what as well as the why and the how of security incidents