Our client, a healthcare company based in Abu Dhabi, is looking for a Resident Engineer.
The Resident Engineer serves as an escalation point for critical and complex SIEM tools and technologies, performs configuration assistance, and assists with developing and documenting use cases based on business requirements.
The role manages the SOC tools (SIEM, VA) deployed by Etisalat within the SIEM/SOC project and liaises with the SOC team to fine-tune false-positive SIEM alerts on a daily basis.
✓ Keep all SOC tools up to date with software and firmware updates.
✓ Investigate all suspicious activities based on alerts generated by SIEM/SOC tools.
✓ Investigate, document and report on any security alerts reported by the SIEM and on emerging trends.
✓ Threat and vulnerability analysis.
✓ Escalate validated and confirmed incidents to the designated incident response team.
✓ Fine-tune SIEM rules to reduce false positives and remove false negatives.
✓ Proactively research and monitor security information to identify potential threats that may impact the organization.
✓ Understand the structure and meaning of logs from different log sources such as firewalls, IDS, Windows domain controllers, Cisco appliances, AV and anti-malware software, email security, etc.
✓ Work closely with Vulnerability Management and the designated incident response team.
✓ Track and update incidents and requests based on the client's updates and analysis results.
✓ Threat hunting using the SIEM and creation of use cases based on the latest threats, IOCs and IOAs.
✓ Responsible for training and mentoring SOC team members in investigations and log analysis.
✓ Expertise in Security Operations architecture, data protection, network security and endpoint security.
✓ Responsible for defining use cases, creating reports and creating policies on IBM QRadar as per IT security best practices and customer requirements.
✓ Analyze SOC alert statistics and workflows to reduce false positives and properly focus engineering efforts.
✓ Build pipelines to enrich logs and alert results to provide a comprehensive view for SOC analysts.
✓ Good knowledge of AQL for threat hunting activities.
✓ Content development experience in enriching logs and automating actions.
Skills and Certification
✓ IBM Certified Associate Administrator – Security Guardium Data Protection V10.1.2
✓ IBM Certified Associate Administrator – IBM QRadar SIEM V7.3.2
✓ Technical Sales Foundations for IBM QRadar on Cloud (QRoC) V1
✓ Red Hat Certified System Administrator (RHCSA).
✓ Red Hat Certified Engineer (RHCE).
✓ Certified Cylance Security Professional (EDR).
✓ Splunk 7.x Fundamentals certified.
✓ Knowledge of Python scripting.
✓ Demisto / Cortex XSOAR.
✓ Certified Ethical Hacker (CEH).