As a SIEM Engineer, you will primarily be responsible for the professional support and delivery of infrastructure to our Managed Detection & Response clients.
We are looking for a candidate with previous experience in administering various flavours of Linux operating systems in a Microsoft Azure environment. Ideally, you will have been working with the technology stack that makes up our SIEM platform, including Elastic, Sentinel, and platform-as-a-service (PaaS) tools such as Docker.
You will be familiar with industry standard frameworks such as ITIL and the CIS Hardening Guides, and have working knowledge of Jira, GIT and other key deployment tools.
You will have excellent organisational and communication skills (both oral and written), and attention to detail. You should be comfortable conversing on the phone or in a video call with internal and external stakeholders as well as technical and management resources from other parts of the organisation.
You must be a citizen of India, or eligible for a visa to work in India.
- Provisioning Elasticsearch clusters for production and testing
- Tuning, administering and refactoring the Elasticsearch cluster setup
- Development of Kibana dashboards that provide insight into the operation of our various products
- Supporting the SOC team with the use of Ansible, Docker, and other forms of automation and containerisation
- Supporting the data and ELK pipeline as part of CI/CD
- Onboarding of new clients into dedicated Azure environments and migration of existing clients into current infrastructure
- Supporting Incident Response through automation for major incidents experienced by clients
Microsoft Sentinel Responsibilities
- End-to-end deployment of Azure Sentinel
- Configuration of data connectors for security events, threat intelligence platforms, Linux Syslog, Office 365, etc.
- Configuration of Linux Syslog servers for ingestion of logs via Log Analytics agents
- Create custom analytics rules to detect threats
- Build dashboards for clients and visualise collected data
- Manage client infrastructure including Linux servers and various Azure capabilities
- Proactively identify potential issues in systems and technology stacks, and coordinate with other team members to ensure operational issues do not impact client-facing SLAs
- Monitoring and troubleshooting of functional and performance issues
- Implementation of hardening measures and security baselines
- Acting as a point of escalation in service incidents
- Testing and validation of new technologies to be integrated into future architecture releases of our containerised platforms
Want to be part of the team?
Apply by sending your CV and cover letter to firstname.lastname@example.org