Senior Manager

Date: Sep 7, 2024

Location: NAVI MUMBAI

Company: icicisecur

Experience working within the Security Operations Centre, with emphasis on security platform implementation and administration.
•    Bachelor's degree (graduation) or higher in Computer Science or equivalent.
•    Experience with LogRhythm and/or other SIEM platforms such as Splunk or ArcSight.
•    Experience with IBM Resilient (preferred) or an equivalent SOAR technology such as Demisto, Splunk or ServiceNow.

Technical Experience & Skills Required:
•    Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization and parsing.
•    Experience with deploying and managing a large SIEM deployment.
•    Excellent understanding of enterprise logging standards, with a focus on application logging.
•    Advanced knowledge of content creation concepts and best practices.
•    Excellent understanding of regular expressions and development of custom/flex parsers.
•    Strong knowledge of frameworks such as the Cyber Kill Chain, MITRE, and adversary Tactics, Techniques and Procedures.
•    Experience in implementation and support of a major SOAR platform (preferred – IBM Resilient) and in developing playbooks for automation.
•    Expertise in writing searches, SIEM infrastructure and content use-case development; well-versed in SIEM architecture and design.
•    Experience in SIEM and Resilient administration and in analytics development for information security, event triage and incident analysis.
•    Hands-on experience with information security tools such as SIEMs, firewalls, IDS/IPS, EDR, sandboxes, vulnerability management, etc.
•    Excellent Python and Unix shell scripting skills.
•    Understanding of events and the related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls and web proxies.
•    Excellent understanding of cyber security operations and incident response processes.
•    Experience in using scripting languages to automate tasks and manipulate data. Programming experience is a plus.
•    Experience working in a large enterprise environment and integrating solutions in a multi-vendor environment.

Preferred: product specialization certifications on QRadar or LogRhythm (SIEM), Resilient (SOAR), CrowdStrike (EDR) and Mimecast (email security).