The SIEM Platform Management Senior Advisor will be expected to leverage Siemplify and Splunk in order for :
Standard Log Sources On-Boarding, by taking part in the planning, testing and implementation of the new device or host deployment projects and providing the SIEM requirements for its successful on-boarding
New Log Source Type On-Boarding Projects, by providing assistance on on-boarding new appliances / servers into the SIEM platform, providing requirements and verifying that the on-boarding has been done successfully
Configuration Back-up, by creating an automatic back-up task or on demand based on an agreed schedule with the Customer and performing weekly reviews of the back-up mechanisms
Maintaining the SIEM platform up to date by downloading, testing and performing platform updates
Creating and implementing SIEM data retention policy, based on Customer requirements
Integrate the SIEM platform with 3rd party technologies, when applicable (e.g. Tripwire)
Correlated SIEM rule proposal and subsequent creation, based on identified threat use cases including OT
Automation and Orchestration for incident response flows
Maintain, upgrade and create of platform connectors facing other technologies such as : firewall platforms, endpoint platforms, proxy, DNS
Regular Siemplify platform administration activities such as : upgrade, patching, user account management
5+ years of experience in cyber security
Previous experience with Splunk and Siemplify administration and content development
Previous experience with orchestration platforms : Phantom, Ansible
Previous experience with connector development in Phyton
University education, degree in Computer Science, Information Systems, or Network and Security
Detailed knowledge of security technologies and trends. Desirable Requirements
Possess active industry certifications such as SSCP, GCIH, GCIA or related
Working knowledge / experience of network systems security principles and applications
Fundamental understanding of defense strategies
Secureworks, a Dell Technologies company, is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment.
All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, colour, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and / or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate.
Secureworks will not tolerate discrimination or harassment based on any of these characteristics.
Job Family : Information-Technology Job ID : R041650