Information Security Consultant - SIEM/SOAR Tools (6-10 yrs)
TalentXO
posted 2mon ago
Flexible timing
Role & Responsibilities:
- Devise a comprehensive log ingestion strategy
- Create meticulous and effective correlation rules
- Fine-tune log sources and correlation rules to enhance system efficiency
- Contribute to the development of detection strategies based on industry best practices
- Articulate a step-by-step process to ensure the ingestion of high-quality log sources
- Monitor and optimize log sources for optimal performance
- Serve as the subject matter expert (SME) in SIEM and SOAR, correlation, and log source ingestion
- Leverage your in-depth knowledge of SIEM and SOAR and SOC practices to assess customer needs, provide tailored recommendations, and assist in the formulation of effective security strategies
- Produce technical documentation detailing SIEM and SOAR aspects of the engagement
Ideal Candidate:
- 6+ years of experience deploying and integrating SIEM at enterprise to large-enterprise level
- Deep expertise in the loading, transformation and correlation of sources such as Cloud, Endpoint, Firewall
- Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using SIEM platforms
- Architect-level individual with experience in SIEM (Splunk, NetWitness, QRadar, ArcSight, etc.). Candidates with QRadar experience will be preferred.
- Ability to perform Threat Hunting exercises from telemetry.
- Extensive experience in creating and developing correlation and detection rules, within a SIEM to support alerting capabilities.
- Strong Regular Expression skills.
- A proven ability to offer suggestions on detection strategy based on customer requirements.
- Knowledge of Security Analysis Response is a plus, including endpoint, network and cloud-based environments.
- Strong technical skills in SIEM / SOAR tools and technologies
- Experience in developing and implementing security strategies
- Experience in conducting security incident response
- Ability to define and design security controls based on NIST, CIS, CSA and other standards
- Certifications such as CISSP, CISM, GIAC, SIEM Vendor Qualification would be a plus.
- Excellent communication and interpersonal skills.
Functional Areas: Software/Testing/Networking