Senior Engineer

 

About The Role :: 

Job Title - CSA SIEM Admin (Chronicle, Sentinel and Splunk )

Location - Pune

Role Description

The COO Chief Information Security Office (CISO) is responsible for addressing information security risks to the Deutsche Bank global IT, as a Security Engineer-AVP, you will play a key technical role in our SIEM Operations team within the Global Cyber Security Engineering & Architecture organization. You will be part of a global SIEM admin/operations team.SIEM Administrator will be responsible for maintaining SIEM(Chronicle, Sentinel and Splunk) instances by making sure all SIEM deployment devices are working properly, efficiently and with desired performance. SIEM Administrator main duties and responsibilities:managing user access, verifying availability, monitoring database loads, managing application performance, capacity and availability, monitoring disk space, verifying log continuity and log management reports, application problem determination/problem source investigation, monitoring SIEM system patches and upgrades, installing application patches as needed, verifying data collection, verifying backups are running and complete.

What we'll offer you

As part of our flexible scheme, here are just some of the benefits that youll enjoy

Best in class leave policy

Gender neutral parental leaves

100% reimbursement under childcare assistance benefit (gender neutral)

Sponsorship for Industry relevant certifications and education

Employee Assistance Program for you and your family members

Comprehensive Hospitalization Insurance for you and your dependents

Accident and Term life Insurance

Complementary Health screening for 35 yrs. and above

Your key responsibilities

Engineer, implement& supportSIEM platforms (Chronicle, Sentinel & Splunk)

Incident & Problem Management, Change & Release Management, Vendor Management, Capacity Management functions for the platform

Provide production support for the platform as part of the team to ensure smooth operations, system function & system health

Proficiency developing log ingestion and aggregation strategies

Hands-on experiences with Sentinel SIEM administration, Configuration, and management of solutions.

Experience with policy tuning, customization, implementation of best practices, determine specific value driven use cases, and fully integrate the solution into the environment.

Good understanding about terraform & deployments.

Understanding of MITRE ATT&CK and NIST Cyber Security Frameworks standards and implement on DB SIEM (Chronicle, Sentinel and Splunk).

On-board new data sources into Chronicle, Sentinel analyze the data for anomalies and trends and build dashboards highlighting the key trends of the data.

Contribute to product architecture, engineering & roadmap for the multi SIEM platform

Develop security-focused content for Chronicle/Sentinel, including creation of complex threat detection logic and operational dashboards

Work with cross-functional teams to proactively improve on existing integration automation/workflows.

Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and cyber security best practices.

Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.

Passionate about data to drive information-based security analytics

Manage backend functionalities for Chronicle

Work with end users to understand and define the requirements

Recommend GCP best practices for implementation

Create Operational Documents for process

Your skills and experience

The candidate must have Degree in Computer Science, Engineering, Information Technology, Cybersecurity or related field and a minimum of 10+ years of experience in with recent experience in Security engineering, system administration, network engineering, software engineering/development with a focus on Cybersecurity.

10+ years of IT engineering experience with recent experience in building and managing infrastructure and security platforms

6+ years of Experience implementing, architecting and administering SIEM platforms like Chronicle, Sentinel, Splunk, ArcSight, Qradar etc., for a large global organization

Knowledge of GCP services and data ingestion from those services into SIEM.

Experience developing in XML, Bash,Python, and PowerShell scripts

Experience with automation platforms such as Ansible

Nice to have DevOps/Terraform Engineering experience

Independent, self-motivated, proactive approach to problem solving and prevention.

Excellent written and verbal communication skills.

Passionate about cyber security and the aptitude to identify and solve security problems.

Hands on Experience with GCP platform, managing various configurations to enable & manage Chronicle/Sentinel/Splunk

Understand SIEM technologies

How we'll support you

Training and development to help you excel in your career

Coaching and support from experts in your team

A culture of continuous learning to aid progression

A range of flexible benefits that you can tailor to suit your needs

About us and our teams

Please visit our company website for further information:



https://www.db.com/company/company.htm

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.

We welcome applications from all people and promote a positive, fair and inclusive work environment.