SOC Tools Engineer

Position Summary:

The SOC Tools Engineering and Operational Lead Engineer is responsible for the engineering and administration activities of SOC tools, such as SIEM, SOAR, and deception technology. Continuously focus on enabling Automations to Support SOC Tools Administrations & Security Incident Detections and response activities.

Job Description:

• Daily Operational management of SOC Tools. (Including SIEM, SOAR..etc Components Infra Maintenance).
• Log, Alert & Enrichment sources integrations with SOC Tools.
• Co-ordinate with different stakeholders to understand the Integration sources to ensure appropriate baseline created and maintained as per industry standards.
• Ensure appropriate correlation rules are in place against the log source types for threat/anomaly detections.
• Ensure proper Incident types, fields, playbooks are defined for Automations in SOAR.
• Continuous touch base with Incident Detection and Response team to fine tune the rules with adequate threshold based on their feedback.
• Evaluate New SOAR/SIEM/Log analytics/big data forensic technologies products to maintain our tools base per industry standard and Olam requirements. (including Open source)
• Interface with stakeholders in different parts of the globe to ensure systems are deployed to the appropriate configuration.
• Develop metrics dashboard to identify trends, anomalies, and opportunities for improvement.
• Ensure adequate change management and documents maintained for SIEM related Changes.
• Periodical review of SOC Tools Architecture, Log Baseline, Rules, Assets health, Automations, Playbooks..etc.
• Ensure high quality of Industry standards and brand consistency in all IT projects.
• Ensure to work with technology stakeholders to enable the deception decoys.

Profile Description:

• Must have 4+ years of experience in Splunk On Prem & Cloud SIEM Engineering and Administration.
• Should have hands on experience in Implementation, configuration, and management of SIEM & SOAR technologies. (Prefer Splunk, Elk, Sumologic, Demisto)
• Should have hands on experience in creating custom correlation rules/alerts, searches, and data analytics in Splunk or similar Log analytics tool.
• Should have hands on experience in creating custom playbooks, automation scripts in SOAR.
• Strong knowledge in Broad infrastructure and technology background including demonstrable understanding of security operations in critical environment.
• Have sound analytical and problem-solving skills.
• Should have some experience with cloud infrastructure like Microsoft Azure, AWS & GCP.
• Prefer Splunk or Similar log analytics certified Professional.
• Must have strong scripting & Programming language knowledge. (PowerShell, Python, Vbscript,c\c++,.net..etc)