• Experienced in managing multiple SOC customers.
• Strong knowledge of, and troubleshooting experience with, SIEM technologies such as QRadar, ArcSight, RSA enVision, etc.
• Use strong TCP/IP networking skills to perform network troubleshooting to isolate and diagnose common network problems
• Respond to needs and questions of customers concerning their access to network resources through their managed device
• Resolve problems independently and understand the escalation procedure
• Interface with onsite staff / clients to understand quality aspects and expectations, as needed
• Collaborate effectively with local team members and offshore staff to create best-practice processes

Proven knowledge and expertise in SIEM administration tasks, including troubleshooting of various SIEM components

Knowledge and experience in security products such as firewalls, DLP, and next-gen devices is an added plus

Experience in event monitoring, correlation, event analysis, investigation, and remediation of security events

Experience in designing and implementing a Security Incident Management process

Good knowledge of various security technologies

Knowledge of TCP/IP protocols and analysis

Responsible for creating rules, filters, active channels, queries, trends, and all other informational content based on use cases

Responsible for developing, implementing, maintaining, and executing standard content development practices for the SIEM platform

Responsible for working with business unit SMEs on use cases and for creating correlation rules and content relevant to that business unit

Responsible for communicating and collaborating with security operations center analysts to optimize HP ArcSight performance to better meet the needs of operations

Responsible for tuning correlation rules and event data quality to maximize SIEM system efficiency

Responsible for providing support recommendations and optimization for the SIEM platform

Relevant professional experience, including working knowledge or high-level awareness of the following technologies:

Log Management and SIEM (e.g. Splunk, IBM QRadar, HP ArcSight, etc.)

Firewalls (e.g. Palo Alto Networks, Check Point, Cisco ASA, Juniper SSG, pfSense, etc.)

Routers (e.g. Cisco, Juniper, etc.)

Network Analysis Tools (e.g. NetWitness, Wireshark, etc.)

System Analysis and Forensic Tools (e.g. FTK, EnCase, etc.)

Endpoint Security (e.g. Bit9, Carbon Black, Symantec, McAfee, Forefront, etc.)

Windows Management (e.g. WSUS, SCCM, SCOM, Active Directory, Group Policy Objects, etc.)

Vulnerability Management (e.g. Nexpose, Tenable Nessus, etc.)

Penetration Testing Tools (e.g. Metasploit, Backtrack, Kali, etc.)

Operating Systems (e.g. Windows Server 2008/2012, CentOS Linux, OS X, etc.)

Enterprise Microsoft Solutions (e.g. Exchange, SharePoint, Lync, etc.)

Regulatory Regimes (e.g. ISO 27K, SSAE 16, HIPAA, PCI, FISMA, etc.)

Internet Policy Enforcement, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions

CISSP / CISA / CEH / ECSA / CHFI or other information security certifications