Country:

China/Mainland

Cities:

Beijing, Dalian, Shanghai

Area of expertise:

Security

Job Description

Do you like working on a diverse range of security assignments? This role may be for you.

For the past few years, Avanade has quietly been earning accolades as one of the world’s leading Microsoft security services companies.

Our focus on security has never been greater. Security is no longer a ‘nice-to-have.’ Our clients expect us to help them with their potential security concerns. The resulting growth of our Global Security Practice is directly tied to the increasing demand for security to be integrated in our deal pursuits.

Avanade brings industry and domain expertise to pragmatically assess, recommend, deploy and manage the most appropriate security propositions (solutions) to help our clients become cyber-compliant and cyber-resilient on the Microsoft ecosystem.

About the role

The SIEM Specialist role will be helping build SIEM solutions using Azure Sentinel develop use cases to improve the security value, service management, and scalability for our clients.

A working knowledge of SIEM, threat trends and vectors and integration to other data sources are key. He/she would be part of Regional security practice and perform both solutioning, delivery components equally and support clients. Help to build assets, perform sessions, trainings and SIEM awareness to both clients and Internal team.

The SIEM Specialist works closely with the client to understand the current and target state of the SIEM and insure effective and efficient incident identification, resolution and root-cause analysis is leveraged through productive implementation of the platform.

The successful candidate will be a strong technologist with a practical mind and creativity.

Duties and responsibilities include:

  • Participate in pre-sales SIEM based solutions, cloud security architecture mainly on the MSFT platform integrating Azure and their native components.
  • There will be a split across of work on delivering presales and delivery components (mainly until architecting & onboarding phase of SIEM solution)
  • Experience in integrating third-party tooling’s, threat intelligence sources and able to identity threat trends to provide an operational view to clients.
  • Build SIEM based assets, new solutions based on Azure Sentinel and build for complex SIEM solutions.
  • Partner with the client to evaluate existing log & data domains, SIEM processes and tools and effectiveness measures to identify critical elements, weaknesses, and opportunities for improvement.
  • Work independently and in concert with others to architect solutions that have a measurable impact on security value, service management and client satisfaction.
  • Coordinate with the client and key stakeholders to gather requirements and design the solutions to support those requirements.
  • Perform other duties as assigned.

Experience:

  • 8-12+ years of Cyber security experience in defining strategy and architecture in SIEM domain around SIEM designing, defining use cases, security monitoring, incident management.
  • Demonstrated expert level experience in Azure Sentinel, Splunk, IBM Qradar, ArcSight including log consolidation, correlation, content creation, workflow management and process improvement.
  • 7+ years hands on experience creating rules, alerts, content, and reports within a complex SIEM environment.
  • Experience in integrating DevOps component to SIEM solutions (preferably Azure DevOps environment into Azure Sentinel)
  • Good Understanding of Application Security stack, DevSecOps solution.
  • Experience in integrating the whole MSFT stack of tools to Azure Sentinel including Azure AD, 0365, MCAS, AIP, Azure Security Center, MDATP and Microsoft threat protection.
  • Expert troubleshooting and break fix experience with SIEM environments required in conjunction
  • Excellent written and verbal communication skills
  • Ability to rapidly understand client’s business strategies and possess the capability to apply creative problem-solving skills to deliver high impact solutions to meet their business needs.

Qualifications:

  • Familiarity with Cyber Kill Chain, MITRE attacks & methodologies
  • Understanding of Network Firewalls, IPS, IDS, Load Balancers and Complex System Designs
  • Good command on Python, Perl, SQL, Regex and Shell Scripting is preferred
  • Experience installing and maintaining open source log capture technologies such as Syslog-NG, Logstash is preferred
Apply now

Share this job:

Share Facebook Twitter Email

About Avanade

Avanade leads in providing innovative digital services, business solutions and design-led experiences for its clients, delivered through the power of people and the Microsoft ecosystem. Our professionals combine technology, business and industry expertise to build and deploy solutions to realize results for clients and their customers. Avanade has 29,000 digitally connected people across 23 countries, bringing clients the best thinking through a collaborative culture that honors diversity and reflects the communities in which we operate. We welcome all, and seek talented individuals who can bring their whole self to work, build inclusive teams and encourage diversity inside and outside the organization. Majority owned by Accenture, Avanade was founded in 2000 by Accenture LLP and Microsoft Corporation. Learn more at www.avanade.com.