SIEM Administrator
IBM India Pvt Ltd
Total years of experience: 13 years, 3 months
Perform SIEM product support and implementation.
Configure SIEM systems based on security best practices and client requirements.
Monitor and maintain overall system health of supported SIEM systems.
Assist in end-to-end fault determination, troubleshooting or escalation of security infrastructure issues, working with other security personnel as required.
Perform user administration tasks and checks in the SIEM systems.
Identify and design new use cases that address customers' needs.
Evaluate, modify and tune the SIEM rules to adjust the specifications of alerts and incidents.
Provide both strategic analysis and near real-time auditing, analyzing, investigating, reporting, remediation, coordinating and tracking of security-related activities for customers.
Assist customers to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources.
Maintain high awareness of customer service levels when dealing with problems to ensure all SLAs are met.
• Design, integration and support of SIEM solution for the client and assisting as a subject matter expert in SIEM, resolving technical queries from the sales team.
• Daily operational work and workflow of the end customer; implement and administer the SIEM solution at the client site, and advise clients on best practices and use cases for using the solution to achieve compliance requirements.
• Assist in the ongoing engineering and operation of the Security Operations Centre's Security Information and Event Management (SIEM) tool. Develop and implement SIEM use cases to identify and respond to malicious events in real time.
• Collaborate with security architecture, engineering and operations teams to ensure effective SOC monitoring is implemented for all environments.
• Providing assistance with the SOC Compliance reports.
• Work with clients to build and tune content for triggering security-related events, assess risk and validity, and assist with building the reporting processes.
• Keep up to date with security threats (including web, mobile and desktop applications), vulnerabilities and controls, and assess their applicability to client business initiatives and strategies.
• Assist in designing the system architecture requirements necessary for the client to support HA/DR requirements.
• Understand business objectives and information footprint to architect the solution; keep up to date with SIEM adoption drivers such as compliance and regulatory requirements, and evolving threats.
• Implement ArcSight ESM and integrate it with all devices such as routers, firewalls, IDS/IPS, etc.
• Integrate the ArcSight Logger and Connector Appliance with the ArcSight ESM machine.
• Set up an ESM cluster to achieve high availability for ArcSight ESM.
• Develop custom use cases for monitoring information systems and create custom FlexConnectors to integrate non-supported devices.
• Integrate components such as applications, databases, OS, firewalls, IPS/IDS, anti-APT, endpoint protection, endpoint encryption, GRC solutions and more.
• Aggregate IDS/IPS alerting, conduct event consolidation on like alerts, filter IDS/IPS false positives and facilitate incident management. Integrate incident management / case management tools and generate test traffic to test Arcsight SIEM integration with IDS and incident response processes.
• Creating and building new solutions within the SOC using Open Source tools as well as best of breed vendor tools.
• Run awareness and training program for technical staff and others - Document actions / knowledge base to effectively communicate information internally and to customers.
• Handle a wide range of security technologies such as SIEM, IDS/IPS, HIDS, malware analysis and protection, identity and access management, data loss prevention, content filtering technologies, application firewalls, and vulnerability scanners.
• Life-cycle management of the ArcSight platforms, including coordination and planning of upgrades, new deployments, and maintaining current operational data flows.
• Perform forensic analysis of malware, spam, phishes/spoofs and other abuse incidents to understand the modus operandi and implement countermeasures in partnership with support and system admin teams.
• Assist the client in achieving ISO 27001 compliance with this implementation.
• Provide subject matter approval to the recognised Design Authority for the production and maintenance of relevant IT security infrastructure roadmaps, designs, standards and policies for the area of expertise.
• Provide technical expertise and consultancy to other teams on network and infrastructure security.
• Respond to and coordinate significant information security events and incidents per defined process and thresholds as escalated by the security analysts.
• System integration engineer for ArcSight Security Event Manager (SEM) infrastructure in a large data centre services operation.
• Complete life-cycle management with event source system administrators/owners. Includes coordination and planning for system upgrades, new systems, as well as maintaining current operational event flows. Provide optimization of connector interfaces, aggregation, and data normalization.
• Perform all administration, management, configuration, testing, and integration tasks related to the ArcSight system, including server and backup administration tasks.
• Develop and manage use cases and content. Analyse the organisation's requirements and develop use cases/content (dashboards, data monitors, reports, rules, filters, trends, active lists, etc.) to improve efficiency and effectiveness in each discipline.
● Configuration of the ESM Manager, Logger, SmartConnectors and Console, and integration of ESM with multiple devices.
● Develop and test new correlation content and use cases using ESM filters, rules, data monitors, active lists, and session lists.
● Investigation and remediation of events triggered from ArcSight ESM.
● Develop ArcSight custom FlexConnectors (database FlexConnectors, ID-based and time-based; single-line; multi-line; syslog sub-agents) that read and parse information from third-party devices and map the events to the ArcSight event schema.
● Assist in the modification and update of SIEM tool (ArcSight) rules.
● Communicate alerts to other stakeholders regarding intrusions and compromises to their network infrastructure, applications and operating systems.
● Maintain keen understanding of evolving internet threats to ensure the security of client networks.
● Experience of maintaining a secure network by configuring and managing security enforcing devices such as firewalls and IDS/IPS devices; knowledge of Snort.
● Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and stop abnormal behaviours.
● Administering the company's branch network and dealing with security issues.
● Sound knowledge of IT security best practices, common attack types and detection/prevention methods.
● Install, monitor and troubleshoot network solutions for securing the organisation's small branch network.
● Log management of different systems in an internal network.