Make an impact with NTT DATA and join a company that is pushing the boundaries of what is possible. The Security Managed Services Engineer (L2) is a developing engineering role responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational.
Requirements
- Minimum 4+ years' experience in a SOC, including work with a SIEM (Splunk)
- Minimum 2 years' hands-on experience with Splunk
- Configure and maintain the SIEM system, ensuring that it is properly set up to collect and analyze security event data
- Develop, customize, and manage security rules within the SIEM to detect and respond to security threats
- Monitor SIEM alerts, investigate them, and take appropriate actions based on the severity and nature of the alerts
- Manage security incidents through all incident response phases to closure
- Utilize SIEM, SOAR, UEBA, EDR, NBAD, PCAP, Vulnerability Scanning, and Malware analysis technologies for event detection and analysis
- Update tickets, write incident reports, and document actions to reduce false positives
- Develop knowledge of attack types and fine-tune detective capabilities
- Identify log sources and examine system logs to reconstruct event histories using forensic techniques
- Align SIEM rules and alerts with the LIC's security policies and compliance requirements
- Conduct computer forensic investigations, including examining running processes, identifying network connections, and disk imaging
- Maintain and support the operational integrity of SOC toolsets
- Collaborate with SIEM solution vendors for updates, patches, and support to ensure the system's reliability and effectiveness
- Maintain thorough documentation of the SIEM system's configuration, procedures, and incident response plans
- Proactively identify and report system security loopholes, infringements, and vulnerabilities to the Security Operations Centre Manager in a timely manner
- Work closely with other IT and security teams during incident response, coordinating efforts and sharing information to mitigate security incidents effectively
- Ensure that the SIEM system helps the LIC meet regulatory compliance requirements and is ready for security audits
- Continuously optimize the SIEM system for efficient performance, ensuring it can handle the volume of data and remain responsive
- Develop automation scripts and workflows to streamline common security response tasks and enhance efficiency