SIEM Operations Engineer
Job Description:
We are looking for an enthusiastic SIEM Operations Engineer to join our Cyber Security Monitoring & Response team to analyze, identify, and correlate security log events that may pose a threat to our business, and maintain SIEM infrastructure.
The SIEM Operations Engineer joining our team will have strong security networking skills, the ability to analyze suspicious network activity and then report or escalate it within agreed timescales, and the ability to maintain the upkeep of the SIEM architecture. To succeed in this role you will need to have a keen interest in cyber security and be highly motivated when working under pressure.
You will need to have a good eye for detail and the ability to effectively communicate findings and resolve system issues within acceptable time frames.
As part of this role you will be required to work in an internationally distributed team, with schedule flexibility. You may also be required to operate outside of the expected role responsibilities.
Responsibilities:
- Follow direction from the Head of Detection and Response, and bring forward improvement initiatives and implementations for the SIEM.
- Work closely with threat intelligence and investigation analysts to implement detection for the knowledge and information shared about current and changing threat landscapes.
- Perform analysis and correlation of 'events of interest' to identify and detect potential security incidents.
- Efficiently and effectively identify potential incidents and escalate according to defined processes and procedures.
- Support post-incident report creation and effectively document changes for SIEM improvement.
- Provide log analysis to support wider security operation services such as troubleshooting and the tuning of the SIEM tools.
- Work to defined SLAs and KPIs.
- Stay up-to-date on IT security news, trends, threat actors, and the threat landscape.
- Qualifications or experience in a cyber-related field; CompTIA Security+ and/or CompTIA Network+ (or equivalent or higher) is beneficial.
- Strong knowledge of TCP/IP layers and protocols.
- Experience administering ArcSight is preferred, along with experience using SIEM solutions.
- Experience with scripting languages.
- A good understanding of the operation and expected outputs of firewalls, IDPS, EDR, DLP, and AV solutions.
- A core understanding of UNIX and Windows based operating systems.
- Knowledge of the cyber kill chain and common tactics, techniques, and procedures.
- 2+ years' experience in SIEM operations engineering.
- Excellent written and oral communication skills, including report writing.
- Excellent analytical skills.
- Good time management skills with the demonstrated ability to work to SLAs and KPIs.
- Able to think critically about security events and solve problems.
- Comfortable challenging suspicious behavior and network activity.
- Must have a keen and demonstrated interest in the cyber security field.
Micro Focus is proud to be an Equal Opportunity Employer. Prospective employees will receive consideration without discrimination because of race, colour, religion, creed, gender, national origin, age, disability, marital or veteran status, sexual orientation, genetic information, citizenship or any other legally protected status.