Trantor
Trantor Software - SIEM Engineer - Log migration & Detection (6-8 yrs)
posted 4d ago
Flexible timing
As a SIEM Engineer, you will be responsible for assisting with the log migration and detection strategy of our customers.
You will ensure that all of the relevant log sources are onboarded and ingested into SOAR in accordance with industry best practices and customer requirements.
You will then work to determine a suitable detection strategy, helping to protect customers from threats by designing and implementing correlation rules.
Responsibilities :
- Devise a comprehensive log ingestion strategy.
- Create meticulous and effective correlation rules.
- Fine-tune log sources and correlation rules to enhance system efficiency.
- Contribute to the development of detection strategies based on industry best practices.
- Articulate a step-by-step process to ensure the ingestion of high-quality log sources.
- Monitor and optimize log sources for optimal performance.
- Serve as the subject matter expert (SME) in SIEM and SOAR, correlation, and log source ingestion.
- Leverage your in-depth knowledge of SIEM and SOAR and SOC practices to assess customer needs, provide tailored recommendations, and assist in the formulation of effective security strategies.
- Produce technical documentation detailing SIEM and SOAR aspects of the engagement.
Qualifications :
- 6+ years of experience deploying and integrating SIEM platforms in enterprise to large-enterprise environments.
- Deep expertise in the loading, transformation and correlation of log sources such as cloud, endpoint and firewall.
- Experience coordinating and conducting event collection, log management, event management, compliance automation and identity monitoring activities using SIEM platforms.
- Architect-level experience with SIEM platforms (Splunk, NetWitness, QRadar, ArcSight, etc.).
- Candidates with QRadar experience will be preferred.
- Ability to perform Threat Hunting exercises from telemetry.
- Extensive experience creating and developing correlation and detection rules within a SIEM to support alerting capabilities.
- Strong Regular Expression skills.
- A proven ability to offer suggestions on detection strategy based on customer requirements.
- Knowledge of security analysis and response is a plus, including endpoint, network and cloud-based environments.
- Strong technical skills in SIEM/SOAR tools and technologies.
- Experience in developing and implementing security strategies.
- Experience in conducting security incident response.
- Ability to define and design security controls based on NIST, CIS, CSA and other standards.
- Certifications such as CISSP, CISM, GIAC or a SIEM vendor qualification would be a plus.
- Excellent communication and interpersonal skills.
Immediate and early joiners will be preferred.
Functional Areas: Other