Do you like working on a diverse range of security assignments? This role may be for you.
For the past few years, Avanade has quietly been earning accolades as one of the world’s leading Microsoft security services companies.
Our focus on security has never been greater. Security is no longer a ‘nice-to-have.’ Our clients expect us to help them with their potential security concerns. The resulting growth of our Global Security Practice is directly tied to the increasing demand for security to be integrated in our deal pursuits.
Avanade brings industry and domain expertise to pragmatically assess, recommend, deploy and manage the most appropriate security propositions (solutions) to help our clients become cyber-compliant and cyber-resilient on the Microsoft ecosystem.
About the role
The SIEM Specialist will help build SIEM solutions using Azure Sentinel and develop use cases to improve the security value, service management, and scalability for our clients.
A working knowledge of SIEM, threat trends and vectors, and integration with other data sources is key. He/she would be part of the Regional security practice, performing both solutioning and delivery components equally and supporting clients. The role also helps to build assets, run sessions and trainings, and raise SIEM awareness with both clients and the internal team.
The SIEM Specialist works closely with the client to understand the current and target state of the SIEM and to ensure that effective and efficient incident identification, resolution and root-cause analysis are achieved through a productive implementation of the platform.
The successful candidate will be a strong technologist with a practical mind and creativity.
Duties and responsibilities include:
- Participate in pre-sales for SIEM-based solutions and cloud security architecture, mainly on the MSFT platform, integrating Azure and its native components.
- Work will be split between pre-sales and delivery components (mainly up to the architecting and onboarding phase of the SIEM solution).
- Experience integrating third-party tooling and threat intelligence sources, and the ability to identify threat trends to provide an operational view to clients.
- Build SIEM-based assets and new solutions based on Azure Sentinel, including complex SIEM solutions.
- Partner with the client to evaluate existing log & data domains, SIEM processes and tools and effectiveness measures to identify critical elements, weaknesses, and opportunities for improvement.
- Work independently and in concert with others to architect solutions that have a measurable impact on security value, service management and client satisfaction.
- Coordinate with the client and key stakeholders to gather requirements and design the solutions to support those requirements.
- Perform other duties as assigned.
Qualifications include:
- 8-12+ years of cyber security experience defining strategy and architecture in the SIEM domain, covering SIEM design, use-case definition, security monitoring and incident management.
- Demonstrated expert-level experience in Azure Sentinel, Splunk, IBM QRadar and ArcSight, including log consolidation, correlation, content creation, workflow management and process improvement.
- 7+ years of hands-on experience creating rules, alerts, content and reports within a complex SIEM environment.
- Experience integrating DevOps components with SIEM solutions (preferably an Azure DevOps environment with Azure Sentinel).
- Good understanding of the application security stack and DevSecOps solutions.
- Experience integrating the whole MSFT stack of tools with Azure Sentinel, including Azure AD, O365, MCAS, AIP, Azure Security Center, MDATP and Microsoft Threat Protection.
- Expert troubleshooting and break-fix experience with SIEM environments required in conjunction
- Excellent written and verbal communication skills
- Ability to rapidly understand client’s business strategies and possess the capability to apply creative problem-solving skills to deliver high impact solutions to meet their business needs.
- Familiarity with the Cyber Kill Chain and MITRE ATT&CK methodologies
- Understanding of network firewalls, IPS, IDS, load balancers and complex system designs
- Good command of Python, Perl, SQL, regex and shell scripting is preferred
- Experience installing and maintaining open-source log capture technologies such as syslog-ng and Logstash is preferred