[ref. w7453816] Chennai - Assistant Manager - Global Information Security

Job Description

SIEM Solution Management:

1. Oversee the implementation, configuration, and maintenance of the SIEM infrastructure (e.g., LogRhythm,Splunk, QRadar, ArcSight).
2. Ensure the SIEM platform is properly integrated with various data sources (firewalls, IDS/IPS, servers, applications, etc.) to monitor security events across the network.
3. Perform regular system upgrades, patches, and optimizations to maintain the performance and security of the SIEM solution.

Event Correlation and Monitoring:

1. Continuously monitor and analyze security logs and alerts to detect potential security threats or breaches.
2. Fine-tune event correlation rules to improve the accuracy of threat detection.
3. Investigate and respond to security incidents, providing detailed reports and recommended remediation actions.

Incident Management and Response:

1. Lead the response to security incidents detected by the SIEM system, including investigation, analysis, and resolution.
2. Work closely with other teams (IT, network security, incident response) to ensure a timely and effective response to incidents.
3. Assist in the creation and updating of incident response procedures, playbooks, and workflows.

Data Integrity and Security:

1. Ensure the accuracy and integrity of the data ingested into the SIEM system.
2. Maintain security controls to protect sensitive data within the SIEM infrastructure.
3. Perform regular audits and assessments to ensure compliance with internal and external security policies and standards.

Reporting and Documentation:

1. Prepare and deliver regular security performance reports to senior management, highlighting potential vulnerabilities, ongoing incidents, and risk assessments.
2. Create and maintain documentation for SIEM configuration, processes, and procedures.
3. Produce ad-hoc reports on security events as requested by management or external stakeholders.

Collaboration and Team Leadership:

1. Collaborate with other IT and security teams to enhance security posture and address identified vulnerabilities.
2. Mentor and guide junior team members, providing training and knowledge sharing to build internal capabilities.
3. Lead or participate in security-related projects, offering technical expertise and guidance.

Continuous Improvement and Research:

1. Stay up to date with the latest security trends, threats, and SIEM technologies.
2. Continuously assess the SIEM environment for areas of improvement and implement best practices.
3. Evaluate new SIEM tools, technologies, and integrations to ensure the system evolves with emerging threats and challenges.

Qualifications:

• 4-8 years of hands-on experience in a SIEM administration role.
• Strong understanding of SIEM platforms, security monitoring, and incident response processes.
• Experience with security operations, network security, and endpoint security.
• Proficiency in log analysis, correlation rule tuning, and threat intelligence.
• Knowledge of security frameworks (e.g., NIST, ISO 27001, CIS) and industry standards.
• Hands-on experience with security monitoring tools and techniques.
• Excellent communication, documentation, and reporting skills.
• Ability to work under pressure and handle multiple tasks simultaneously.
• Relevant certifications (e.g., CISSP, CISM, Splunk Certified Administrator) preferred.

Add-on Skills:

• Experience with cloud-based SIEM solutions (e.g., Amazon Web Services, Microsoft Azure).
• Knowledge of machine learning and AI-based security tools.
• Familiarity with containerization and virtualization technologies.
• Proficiency in programming languages such as Python