Configure and fine-tune log sources, collectors, and agents
Develop and implement use cases, correlation rules, and alerts
Monitor and analyze security events and alerts generated by the SIEM system
Investigate and respond to security incidents, performing root cause analysis and recommending corrective actions
Conduct threat hunting activities to identify potential security risks
Ensure comprehensive log collection and retention across various IT systems and applications.
Perform regular log analysis to identify and mitigate security threats
Develop and maintain dashboards and reports for security metrics and trends
Work closely with other IT and security teams to integrate SIEM with other security tools and processes
Provide technical guidance and training to junior analysts and other team members
Communicate effectively with stakeholders to report on security incidents and system performance
Stay updated on the latest cybersecurity threats, trends, and technologies
Recommend and implement improvements to the SIEM system and related processes
Participate in security audits and assessments, ensuring compliance with industry standards and regulations
SIEM Enhancement and Tuning.
Review the SIEM logs for emerging threats and vulnerabilities, identifying areas for improvement in detection and correlation
Rule and alert optimization: Fine-tune existing SIEM rules and alerts to minimize false positives and negatives, ensuring efficient incident identification and response
Log source management: Continuously integrate new log sources and optimize existing ones for efficient data collection and analysis
Develop custom SIEM rules, dashboards, and reports to address specific SOC team requirements and security needs.
Monitor and optimize SIEM performance to ensure efficient resource utilization and timely incident detection.
Requirement gathering and analysis: Actively engage with the SOC team to understand their security monitoring needs and translate them into actionable SIEM configurations
Generate regular reports on SIEM activity, security incidents, and tuning efforts, fostering clear communication with the SOC team
Provide training to SOC analysts on SIEM usage, best practices, and newly implemented features
Collaborate with the SOC team to identify and implement improvements to the overall security monitoring posture.
Escalation and Issue Management: Defined escalation
procedures: Establish clear escalation procedures for high-priority incidents, ensuring timely communication and resolution
Effectively communicate and collaborate with local IT support and security vendors to resolve escalated issues.
Track escalated issues through resolution, documenting steps taken and outcomes for future reference
The SIEM Analyst will work on regular tuning and optimization of SIEM use cases, leading to more effective monitoring, reducing false positives, and ensuring accurate detections.
The SIEM Analyst will work with the SOC team to add new use cases to monitor emerging threats and respond quickly to changes in attack patterns, ensuring proactive security coverage.
The SIEM Analyst will work to ensure that NWS assets are continuously updated in the SIEM, allowing for accurate monitoring and early detection of potential security incidents involving critical assets.
The SIEM Analyst will work on regularly updating the SIEM in response to NWS’s IT environment changes, ensuring continuous and comprehensive security coverage.
The SIEM Analyst will provide updates and reports on SIEM system performance and improvements, ensuring that all stakeholders are informed about the system’s current state and enhancements.
Requirements
Minimum of 5 years of experience in cybersecurity with a focus on SIEM technologies.
Proven experience with LogRhythm SIEM platform.
Certified LogRhythm Engineer (preferred).
Hands-on experience with log management, threat detection, and incident response.
Expected salary:
Location: Muscat
Job date: Tue, 19 Nov 2024 00:02:29 GMT
To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.pro) you saw this job posting.Thanks&Good Luck