Security SOC/SIEM Analyst
- Security SOC/SIEM Analyst - Aguascalientes, Mexico - Platforms: Splunk (primary), ELK, LogRhythm, IDS/IPS, Proofpoint, ESET.
- 3+ years' experience in IT Security Operations, SIEM, SOC, Network Security, Threat Analysis or equivalent knowledge.
- Knowledge of network architecture strongly preferred.
- Experience in architecture, design and administration of security monitoring tools, such as firewalls, IDS/IPS, proxies, SIEM, etc.
- Experience in performing manual and/or automated security configuration reviews of network devices, servers, and workstations.
- Experience driving remediation, such as firewall rule tuning, agent health on endpoints and insecure configurations.
- Understanding of network and system intrusion and detection methods. Examples of related technologies include Splunk, Next Generation Endpoint Protection Platforms (EPP), Security Information and Event Management (SIEM), and hacking tools, techniques and procedures.
- Experience with malware analysis, endpoint lateral movement detection methodologies and host forensic tools.
- Experience managing a threat monitoring program, including process definition, threat assessment, related operational activities and providing security oversight related to risk mitigation.
- Experience developing SIEM content/use cases, with specific experience writing content rules.
- Expand the usage of security monitoring tools to improve the security of the environment, including detection, prevention and policy enforcement.
- Define security configuration for monitoring tools, including alerts, correlation rules, and reporting. Leverage a combination---
Activities to Perform:
a. Provide, manage, maintain and staff a 24x7x365 Security Operations Center
b. Coordinate with the Service Desk to provide an IVR option in the Service Desk number for the Security Operations Center
c. Installation, support and maintenance of the SOC/SIEM platform (agents, data normalization/collection and console), and high availability of the entire platform.
d. Identify and correlate security incidents, determine impact and assign prioritization to resolve.
e. Create/update documentation and processes for installation, support and maintenance of the SIEM platform (agents, data normalization/collection and console), and high availability of the entire platform.