Country:

China

City:

Beijing, Dalian, Shanghai

Area of expertise:

Security

Job description

Do you like working on a diverse range of security assignments? This role may be for you.

For the past few years, Avanade has quietly been earning accolades as one of the world’s leading Microsoft security services companies.

Our focus on security has never been greater. Security is no longer a ‘nice-to-have.’ Our clients expect us to help them with their potential security concerns. The resulting growth of our Global Security Practice is directly tied to the increasing demand for security to be integrated in our deal pursuits.

Avanade brings industry and domain expertise to pragmatically assess, recommend, deploy and manage the most appropriate security propositions (solutions) to help our clients become cyber-compliant and cyber-resilient on the Microsoft ecosystem.

About the role

The SIEM Specialist will help build SIEM solutions using Azure Sentinel and develop use cases that improve security value, service management, and scalability for our clients.

A working knowledge of SIEM, threat trends and vectors, and integration with other data sources is key. He/she would be part of the Regional security practice, perform both solutioning and delivery components equally, and support clients. The role also helps build assets and delivers sessions, trainings and SIEM awareness to both clients and the internal team.

The SIEM Specialist works closely with the client to understand the current and target state of the SIEM and to ensure that effective and efficient incident identification, resolution and root-cause analysis are achieved through a productive implementation of the platform.

The successful candidate will be a strong technologist with a practical mind and creativity.

Duties and responsibilities include:

  • Participate in pre-sales SIEM-based solutions and cloud security architecture, mainly on the MSFT platform, integrating Azure and its native components.
  • Work will be split between presales and delivery components (mainly up to the architecting and onboarding phase of the SIEM solution).
  • Experience integrating third-party tools and threat intelligence sources, and the ability to identify threat trends to provide an operational view to clients.
  • Build SIEM-based assets and new solutions based on Azure Sentinel, and build complex SIEM solutions.
  • Partner with the client to evaluate existing log & data domains, SIEM processes and tools and effectiveness measures to identify critical elements, weaknesses, and opportunities for improvement.
  • Work independently and in concert with others to architect solutions that have a measurable impact on security value, service management and client satisfaction.
  • Coordinate with the client and key stakeholders to gather requirements and design the solutions to support those requirements.
  • Perform other duties as assigned.

Experience:

  • 8-12+ years of cyber security experience defining strategy and architecture in the SIEM domain, covering SIEM design, use case definition, security monitoring and incident management.
  • Demonstrated expert-level experience in Azure Sentinel, Splunk, IBM QRadar and ArcSight, including log consolidation, correlation, content creation, workflow management and process improvement.
  • 7+ years of hands-on experience creating rules, alerts, content, and reports within a complex SIEM environment.
  • Experience integrating DevOps components into SIEM solutions (preferably an Azure DevOps environment into Azure Sentinel).
  • Good understanding of the application security stack and DevSecOps solutions.
  • Experience integrating the whole MSFT stack of tools into Azure Sentinel, including Azure AD, O365, MCAS, AIP, Azure Security Center, MDATP and Microsoft Threat Protection.
  • Expert troubleshooting and break-fix experience with SIEM environments required in conjunction
  • Excellent written and verbal communication skills
  • Ability to rapidly understand client’s business strategies and possess the capability to apply creative problem-solving skills to deliver high impact solutions to meet their business needs.

Qualifications:

  • Familiarity with the Cyber Kill Chain and MITRE ATT&CK methodologies
  • Understanding of network firewalls, IPS, IDS, load balancers and complex system designs
  • Good command of Python, Perl, SQL, regex and shell scripting is preferred
  • Experience installing and maintaining open source log capture technologies such as Syslog-NG and Logstash is preferred

About Avanade

Avanade is the world's leading digital innovator, delivering digital services, business solutions and design-led experiences to its clients through the power of people and the Microsoft ecosystem. Avanade combines bold, fresh ideas with deep industry and business knowledge and advanced technology to create and deliver solutions for its clients, helping them and their customers realize value. Today, Avanade has 30,000 professionals in 24 countries. We champion a diverse and collaborative culture and lead with cutting-edge thinking through our operating practices. Founded in 2000 as a joint venture between Accenture and Microsoft, Avanade is majority-owned by Accenture. Learn more at www.avanade.com.cn