Tata Consultancy Services

SOC


Pay: Competitive
Location: Chennai/Tamil Nadu
Employment type: Other

  • Job Description

      Req#: 344396

      ROLES AND RESPONSIBILITIES:

      • Good knowledge & working experience on central logging, event correlation, security incident management, SIEM architecture
      • Experience in implementation and management of Splunk (SIEM solution), configuration, data onboarding, etc.
      • Experience in writing complex correlation rules, log source integration with SIEM
      • Implementation, configuration and management of SIEM solution.
      • Capability to perform enterprise-wide security assessments
      • Tools and Technologies: ArcSight, McAfee Nitro Security, LogLogic, Splunk
      • Security Incident Management and Response experience.
      • Firewall, IPS and Proxy management.
      • Log Source integration with SIEM.
      • Experience in writing XML parsers.
      • Create, customize and manage dashboards / reports.
      • Working experience in alert handling, standard availability and performance report generation.
      • Hands-on experience in root cause analysis of post-production performance-related issues.
      • Working knowledge of scripting languages
      • DLP, anti-virus and anti-malware
      • Use of system tools such as Wireshark, Ethereal, packet analyser, etc.
      • Cloud computing
      • SaaS models
      • Investigate security events and incidents escalated by SOC Level 1 and Level 2 analysts, mitigate the threat and prevent future occurrences
      • Proficient in creating SIEM use cases, correlation rules and baselines to monitor malicious activity, IOCs and anomalies
      • Work with Splunk Admin to onboard necessary logs
      • Integrate threat intelligence and other enrichment feeds into the SIEM tool
      • Ability to perform Major Incident Management and Incident Response
      • Identify and assist in reducing false positive events by tuning Splunk use cases
      • Provide tuning and security standards recommendations to AMD Engineers
      • Stay abreast of current threats and vulnerabilities, identify and report threats relevant to the environment
      • Deep understanding of the ATT&CK matrix, with experience building use cases and SOPs around specified techniques.
      • Proficient in creating and enhancing processes and SOPs
      • Knowledge of integrating SOAR tools, creating playbooks and workflows
      • Drive the identification, creation and refinement of the team’s processes and procedures
  • About the company

      Tata Consultancy Services is an Indian multinational information technology services and consulting company headquartered in Mumbai, Maharashtra, India with its largest campus located in Chennai, Tamil Nadu, India.