SIEM
GlobeOSS
Date: 1 week ago
City: Shah Alam
Contract type: Full time

Security Information & Event Management (SIEM) Engineer - Developer
Full-Time (Permanent)
Location: Shah Alam
Job Responsibilities
- Setting up security monitoring tools to receive raw security-relevant data (e.g. login/logoff events, persistent outbound data transfers, firewall allows/denies, etc.). This includes making sure that critical cloud and on-premises infrastructure (firewall, database server, file server, domain controller, DNS, email, web, Active Directory, etc.) is sending logs to the log management, log analytics, or SIEM tool.
- Using these tools to find suspicious or malicious activity by analysing alerts; investigating indicators of compromise (IOCs such as file hashes, IP addresses, domains, etc.); reviewing and editing event correlation rules; performing triage on these alerts by determining their criticality and scope of impact; evaluating attribution and adversary details; sharing findings with the threat intelligence SMEs; etc.
- Identifying capabilities and quality of these feeds and recommending improvements.
- Researching and developing new threat detection use cases based on threat research findings, threat intelligence, analyst feedback and available log data.
- Performing activities within the content life cycle, including creating new parsers/connectors and use cases; testing, tuning, and removing content; and maintaining the associated documentation.
- Creating specifications that junior content engineers can leverage as use case requirements.
- Working with the other security functions and product SMEs to identify gaps within the existing analytical capabilities.
- Developing custom scripts as required to augment default SIEM functionality.
- Participating in root cause analysis of security incidents and providing recommendations for containment and remediation.
- Acting as the liaison to business units to fulfill audit, regulatory compliance as well as corporate security policy requirements.
- Creating, implementing, and maintaining novel analytic methods and techniques for incident detection.
Job Requirements
- Bachelor's Degree in Computer Science/Information Security or a similar discipline is preferred.
- Experience in SIEM content development (Elastic, ArcSight, Splunk, QRadar, McAfee ESM, or similar SIEM platform).
- Understanding of various log formats and source data for SIEM Analysis.
- Minimum 5 years of information security experience, preferably engineering or development.
- 3 years' experience supporting a SIEM platform in a content development role.
- 2 years' experience performing SOC analysis and/or incident response.
- Prior Senior-level experience in SIEM content development (Elastic, ArcSight, Splunk, QRadar, McAfee ESM, or similar SIEM platform).
- Ability to communicate effectively with anyone, from end users to senior leadership, facilitating both technical and non-technical communication.
- Strong incident handling/incident response/security analytics skills.
- Deep understanding of technical concepts including networking and various cyber-attacks.
- Solid background with Windows and Linux platforms (security or system administration).
- Willing to travel for customer support related assignments.
- Motivated, independent team player, able to build and maintain good relationships with customers.
- Fluent in oral and written English.
- Possess good presentation skills.