PS Consultant - SIEM

Responsibilities :
Devise a comprehensive log ingestion strategy
Create meticulous and effective correlation rules
Fine-tune log sources and correlation rules to enhance system efficiency
Contribute to the development of detection strategies based on industry best practices
Articulate a step-by-step process to ensure the ingestion of high-quality log sources
Monitor and optimize log sources for optimal performance
Serve as the subject matter expert (SME) in SIEM and SOAR, correlation, and log source
ingestion
Leverage your in-depth knowledge of SIEM and SOAR and SOC practices to assess
customer needs, provide tailored recommendations, and assist in the formulation of
effective security strategies
Produce technical documentation detailing SIEM and SOAR aspects of the engagement
Qualifications :
6+ years of experience in deploying and integrating (SIEM) to enterprise to large
enterprise-level
Deep expertise with load, transformation and correlation of sources such as Cloud,
Endpoint, Firewall
Coordinating and conducting event collection, log management, event management,
compliance automation, and identity monitoring activities using (SIEM) platforms
Architect-level individual with experience in SIEM (Splunk, Netwitness, QRadar, Arcsight
etc.). Candidates with QRadar experience will be preferred.
Ability to perform Threat Hunting exercises from telemetry.
Extensive experience in creating and developing correlation and detection rules, within
a SIEM to support alerting capabilities.
Strong Regular Expression skills.

A proven ability to offer suggestions on detection strategy based on customer
requirements.
Knowledge of Security Analysis Response a plus, including both endpoint, network
cloud-based environments.
Strong technical skills in SIEM/SOAR tools and technologies
Experience in developing and implementing security strategies
Experience in conducting security incident response
Ability to define and design security controls based on NIST, CIS, CSA and other
standards
Certifications such as CISSP, CISM, GIAC, SIEM Vendor Qualification would be
a plus.
Excellent communication and interpersonal skills.