CD - SIEM Content Development - ArcSight/LogRhythm/Sentinel/Splunk - Senior Associate - Bangalore
PwC
- Bangalore, Karnataka
- Permanent
- Full-time
Position Requirements
- Minimum of 4-8 years of prior experience in SIEM technologies and information security; expertise in SIEM solutions like Splunk, ArcSight and Azure Sentinel.
- Expertise in building use cases around the NIST and MITRE ATT&CK frameworks to enable detection at the various stages of a cyber attack.
- Implementation of use cases using SPL/KQL with complex correlation across different data sources.
- Development of dashboards/workbooks, alerts.
- Implementation of SOAR workflows using Logic Apps, Phantom, Demisto, etc.
- Basic knowledge of User and Entity Behaviour Analytics and machine learning models.
- Scripting knowledge of Python is an added advantage.
- Assist in administration, maintenance and optimization of the Splunk Enterprise and Splunk ES.
- Integrating log sources with Sentinel using REST API.
- Working knowledge of all architectural components of a SIEM.
- Knowledge about cloud environments and hybrid environments, processing etc.
- Working knowledge of Azure services like Security Center, Azure Monitor, Log Analytics, NSG, Storage, Azure Functions, Defender ATP, etc.
- Experience of threat intelligence and threat hunting is an added advantage.
- KQL/SPL
- Bachelor's Degree Preferred.
- Line of Service: Advisory