VP / Deputy Vice President, SIEM Content Developer, Architect, Engineering & Program Management with a Large Private Bank

Mumbai, Maharashtra, India

Job Description


Job Purpose:

We are seeking a highly experienced Senior SIEM Architect/Engineer to lead the design, implementation, and maintenance of our SIEM system. The ideal candidate will have a deep understanding of security engineering, architecture, and SIEM technologies, as well as a proven track record of success in managing and mentoring teams.

Responsibilities:

  • Lead the design and implementation of SIEM architecture
  • Engineer and optimize SIEM systems
  • Develop and maintain advanced SIEM content (rules, reports, dashboards)
  • Integrate SIEM with other security tools and systems
  • Troubleshoot complex SIEM issues and perform root cause analysis
  • Collaborate with security analysts to ensure effective incident response
  • Stay up-to-date with emerging threats and technologies
  • Manage and mentor a team of junior SIEM engineers
  • Develop and maintain documentation and standards
  • Participate in security architecture and engineering discussions
Project management
  • Manage SIEM projects from initiation to delivery
  • Develop project plans, timelines, and resource allocation
  • Coordinate with stakeholders to ensure project deliverables meet requirements
Stakeholder communication
  • Communicate project status and progress to stakeholders
  • Ensure effective communication between technical and non-technical stakeholders
Vendor selection and evaluation
  • Lead the evaluation and selection of SIEM vendors and tools
  • Develop RFPs and RFIs
  • Conduct vendor demos and proof-of-concepts
Drive vendor relationships
  • Manage vendor contracts and negotiations
  • Ensure vendor deliverables meet requirements
  • Be part of the SOC's security engineering team: a diverse, international team with an Agile/DevOps approach and cross-skilled experience and knowledge, providing a secure environment and enabling the Security Operations analysts, incident responders and threat hunters to better defend the organization and its assets and to respond to threats.
  • Be involved in the full cycle of designing, building, tuning and improving security detection and response capabilities, grounded in an understanding of threat actors' TTPs; use data analytics, define and implement new tooling, and collaborate with stakeholders to improve response actions in a large cyber defense SOC environment, with a focus on SIEM content.
  • Optimize data collection and analysis, and act on and report from that data using SIEM and SOAR tooling, in order to automate for efficient resource management, build and tune use cases and detection models, and deliver detection that is linked to the threat model and to the business realities of the global environment you are defending.
  • Contribute to securing both internal networks/infrastructure and cloud (Azure, AWS, GCP) infrastructure and the relevant applications, enabling better monitoring and detection by utilizing large amounts of data and modern detection techniques.
  • Stay on top of ongoing security threats and developments in the security landscape relevant to the organization's threat model, and bring an engineering perspective on how to leverage new methodologies, tools and optimizations and implement them in practice.
  • Be comfortable working with and making the most of large data sets (collection, analysis, response), creating content, use cases and models, and bringing an automation mindset.
  • Experience with SIEM, Network Security (IDS/IPS), EDRs, cloud native security tools.
  • Automation experience and comfort with programming/scripting (Python, shell/Bash or similar) to deliver that automation.
  • The role focuses on content development (taking user stories and developing use cases; updating and optimizing current use cases, log sources, SIEM connectors, etc.) using sources from cloud and hybrid infrastructure.
  • Working knowledge of security alert triage and analysis methods (e.g. use of correlations, behaviors and patterns, pivoting, enriching alert data and providing remediation recommendations)
  • Knowledge of detection rule logic management (e.g., creation, tuning and management methods)
  • Knowledge of cybersecurity frameworks (e.g. MITRE ATT&CK, VERIS, Cyber Kill Chain, Diamond Model and other frameworks)
  • Knowledge of cloud infrastructures and cloud security monitoring (Azure, AWS, and GCP)
  • Knowledge of network communication concepts including ports, protocols, and encryption
  • Plan, direct and control the SOC functions and operation
  • Ensure the monitoring and analysis of incidents to protect people, technology and process, addressing all security incidents and ensuring timely escalation.
  • Direct the cyber intelligence capability to identify potential threats, delivering strategic reports and strategies to minimise their impact.
  • Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
  • Ensure adherence to policy, process and procedure, and drive process improvement to achieve operational objectives.
  • Revise and develop processes to strengthen the current Security Operations Framework; review policies and highlight the challenges in managing SLAs.
  • Responsible for the overall use of resources and for initiating corrective action where required for the Security Operations Center.
  • Ensure threat management and threat modeling; identify threat vectors and develop use cases for security monitoring.
  • Create reports, dashboards and metrics for SOC operations and present them to senior management.
  • Coordinate with stakeholders, and build and maintain positive working relationships with them.
  • Be a thought leader in security engineering and operations delivery - driving automation, analytics, and advanced threat analysis.
  • Oversee technical delivery, assessing and continually improving output and ensuring processes are developed and adhered to, in order to drive operational excellence.
  • Benchmark, analyze, report on, and make recommendations for the improvement and growth of the Next Generation infrastructure and systems.
  • Participate in quarterly business reviews with vendors and customers.
  • Manage the deployment, monitoring, maintenance, development, upgrade, and support of all Client managed systems, operating systems, hardware, and software.
  • Collaborate and consult with other Group Managers on the overall advancement of the Emerging Services organization and Optiv in general.
  • Establish operational foundations, defining metrics and KPIs to drive governance, quality, and efficiency. Influence and improve existing processes through innovation and operational change.
Educational Qualification
  • Engineering graduate from Computer Science, IT, Telecommunication or a similar discipline
  • Post-Graduation: PGDIT, MCA, MBA
Key Skills
  • Certification like CISSP, CISA or CISM
  • Ability to handle senior management escalation.
  • Vendor management Skills
  • Effective communication
  • Proficient team leader
  • Strategic skills
  • Decision making and communication.
  • Risk management skills
  • Knowledge of the latest cyber security trends and global industry best practices pertaining to the financial industry
  • Technical working knowledge and understanding of SIEM technology and of other security technologies (EDR, NDR, HIPS, WAF, IDS, IPS, firewalls, networking), etc.
Experience
  • 12 to 15 years of overall experience in information/cyber security, working with SIEM tooling (next-gen SIEM, UEBA, etc.), with a strong background in security incident monitoring, response and operations.
  • 5+ years of experience managing a 24x7 Cyber Security Operations Center (CSOC) at leadership level, with teams primarily involved in cyber defense.
  • Experience managing a team of 20+ members, which may include vendor teams.
  • Certifications such as GIAC/SANS (e.g. GCIA, GCFE, GCIH), OSCP/OSCE, CREST, CEH, Security+, CISSP, ISC2 CCSP, ITIL v3 or other industry-relevant cyber-security certifications are an added advantage.

RiverForest Connections




Job Detail

  • Job Id
    JD3493849
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Mumbai, Maharashtra, India
  • Education
    Not mentioned