Duties and Responsibilities
- Provide 1st level escalation for SIEM operations.
- Collaborate with various teams such as NOC, IDC, AD and AV for issue resolution and mitigation.
- SIEM tool management and day-to-day operations.
- Implement product updates and create/develop correlation rules for the SIEM technology.
- Onboarding of new devices to the SIEM tools.
- Performing real-time analysis of security events from multiple sources including events from network and host-based intrusion detection, firewall logs, system logs (Unix & Windows), applications and databases during the service window.
- Maintain documentation of new changes, updates and configuration changes.
- Responsible for the overall management of the SIEM tool.
- Additional responsibilities include performing vulnerability assessments on critical assets.
- Generate and submit reports on a monthly basis.
- Configure new correlation rules and alerts as and when required.
- Communicate and escalate issues and incidents as required by process or management.
- Document actions taken for audit, regulatory and legal purposes.