Job Description

Responsibilities:-

Design, deploy, and maintain SIEM solutions

Configure and fine-tune log sources, collectors, and agents

Develop and implement use cases, correlation rules, and alerts

Monitor and analyze security events and alerts generated by the SIEM system

Investigate and respond to security incidents, performing root cause analysis and recommending corrective actions

Conduct threat hunting activities to identify potential security risks

Ensure comprehensive log collection and retention across various IT systems and applications.

Perform regular log analysis to identify and mitigate security threats

Develop and maintain dashboards and reports for security metrics and trends

Work closely with other IT and security teams to integrate SIEM with other security tools and processes

Provide technical guidance and training to junior analysts and other team members

Communicate effectively with stakeholders to report on security incidents and system performance

Stay updated on the latest cybersecurity threats, trends, and technologies

Recommend and implement improvements to the SIEM system and related processes

Participate in security audits and assessments, ensuring compliance with industry standards and regulations

SIEM Enhancement and Tuning.

Review the SIEM logs for emerging threats and vulnerabilities, identifying areas for improvement in detection and correlation

Rule and alert optimization: Fine-tune existing SIEM rules and alerts to minimize false positives and negatives, ensuring efficient incident identification and response

Log source management: Continuously integrate new log sources and optimize existing ones for efficient data collection and analysis

Develop custom SIEM rules, dashboards, and reports to address specific SOC team requirements and security needs.

Monitor and optimize SIEM performance to ensure efficient resource utilization and timely incident detection.

Requirement gathering and analysis: Actively engage with the SOC team to understand their security monitoring needs and translate them into actionable SIEM configurations

Generate regular reports on SIEM activity, security incidents, and tuning efforts, fostering clear communication with the SOC team

Provide training to SOC analysts on SIEM usage, best practices, and newly implemented features

Collaborate with the SOC team to identify and implement improvements to the overall security monitoring posture.

Escalation and Issue Management: Defined escalation

procedures: Establish clear escalation procedures for high-priority incidents, ensuring timely communication and resolution

Effectively communicate and collaborate with local IT support and security vendors to resolve escalated issues.

Track escalated issues through resolution, documenting steps taken and outcomes for future reference

The SIEM Analyst will work on regular tuning and optimization of SIEM use cases, leading to more effective monitoring, reducing false positives, and ensuring accurate detections.

The SIEM Analyst will work with the SOC team to add new use cases to monitor emerging threats and respond quickly to changes in attack patterns, ensuring proactive security coverage.

The SIEM Analyst will work to ensure that NWS assets are continuously updated in the SIEM, allowing for accurate monitoring and early detection of potential security incidents involving critical assets.

The SIEM Analyst will work on regularly updating the SIEM in response to NWS's IT environment changes, ensuring continuous and comprehensive security coverage.

The SIEM Analyst will provide updates and reports on SIEM system performance and improvements, ensuring that all stakeholders are informed about the system's current state and enhancements.

Requirements

Minimum of 5 years of experience in cybersecurity with a focus on SIEM technologies.

Proven experience with LogRhythm SIEM platform.

Certified LogRhythm Engineer (preferred).

Hands-on experience with log management, threat detection, and incident response.