SOC Integration Engineer / Senior Engineer (Banking)

1.            Ensure that all log sources are reporting to the SIEM platform in order to maintain the availability of the logs.

2.            Ensure all the integrated assets are reporting to their relevant solution (such as Data Activity Monitor, File Integrity Monitor, Firewall Monitor, SOAR, or TIP)

3.            Monitor the log sources to make sure the log sources are sending proper logs that are used to identify incidents for reporting, detecting incidents and / or contextual data by designing and creating dashboards & periodical reports to ensure that all the integrations are functional and in healthy posture.

4.            Implement and fine tune use cases over different SOC technologies (including but not limited to SIEM) as required by Security Intel team to identify incidents.

5.            Implement Runbooks & automations for detection and response over SOAR platform.

6.            Maintain & enhance TIP technology according to Threat Intel team operation requirements.

7.            Integrate new commercial and non-commercial Threat Intel feeds with the TIP solution to enhance SOC detections, identifications, investigation and response.

8.            Recommend, develop and release new integrations to maximize the benefits and efficiencies from a SOAR platform.

9.            Generate reports as required by SOC management teams to be presented to the management to be used in further data analysis.

10.          Work with IT systems owners to establish SIEM & SOAR technologies integrations to meet the strategic goals of identifying security incidents by defining Use Cases.

11.          Deployment and Development of customized and non-customized SIEM connectors for supported and unsupported SOC log sources, and modify configuration files to achieve the full integrations with different log sources.

12.          Develop scripts (Java, Python, Bash) whenever required for automating SOAR responses and SIEM log collection.

13.          Fine tune collected log events to minimize false positive alerts.

14.          Prepare reports to ensure compliance with the SOC requirements from regulatory and security perspectives.

15.          Ensure effective records of log resources and SOC relevant platforms, to maintain the integrity and availability of all evidences used for incident response

16.          Manage the continuous improvement of systems engineering processes and activities to enhance the efficiency and effectiveness of reporting and alerting.

17.          Research, analyse and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies, EDR, operating systems, etc…), in order to increase effectiveness of the log correlation.

18.          Provide technical inputs to management during proof-of-concept reviews for new security products to ensure alignment with the set policies and guidelines.

19.          Provide technical guidance to the Security teams and / or the lines of business during investigations or incident response in order to help in the investigation and root cause analysis.

Requirements

• Bachelor’s degree of Engineering, Computer Science or equivalent.
• Minimum 3 - 6 years of experience in SIEM Technology platforms (5 - 8 years of experience for senior)
• Working knowledge of Information Security concepts and practices
• Very Good experience of the SIEM, SOAR, TIP, DAM and FIM solutions
• Knowledge of Data Activity Monitor and File Integrity Monitor solutions
• General network knowledge, TCP / IP Troubleshooting
• Familiarity with system log information and what it means
• Understanding of common network services (web, mail, DNS, DHCP, authentication)
• Strong shell scripting experience using Bash, and Python
• Knowledge of systems metrics and performance monitoring
• Experience with virtual environments and containers (Docker, LXC)
• Strong Linux and Windows knowledge
• Good understanding of Database concepts
• Recommended –one or more of- the below certifications :

o             SIEM Vendor Related Certificates

o             SOAR Vendor Related Certificates

o             TIP vendor related certificates

o             SANS Global Information Assurance Certification (GIAC)

o             EC-Council – CEH

o             CISM

o             CISSP