Senior Security Engineer
National Security Services Group
- Muscat
- Permanent
- Full-time
Requirements
- Ability to communicate and work effectively with individuals from diverse backgrounds and cultures
- Good understanding of incident management and response
- Experience in security device management and SIEM
- In-depth knowledge of security concepts such as cyber-attack techniques, threat vectors, risk management and incident management
- Experience in threat management
- Knowledge of various operating systems, including but not limited to Windows, Linux and Unix
- Knowledge of applications, databases and middleware, sufficient to address security threats against them
- Excellent communication skills
- Ability to handle high-pressure situations with key stakeholders
- Good analytical, problem-solving and interpersonal skills
- Working knowledge of and experience with MS Office, with proficiency in Excel and PowerPoint
- Hands-on deployment of Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA) solutions
- At least 5 years' experience deploying and managing SIEM solutions such as Securonix, Exabeam, Splunk, LogRhythm, AlienVault, ArcSight, QRadar and Nitro ESM
- At least 3 years' experience in content development, delivering and/or building detection content on Securonix, Splunk, AlienVault, ArcSight, QRadar or Nitro ESM
- Experience developing custom parsers for log sources
- Solid networking fundamentals
- Solid experience with Linux/Unix operating environments (configuration and troubleshooting)
- Strong analytical skills to understand data and develop use cases that improve detection
- Strong understanding of information security technologies such as firewalls, VPNs, intrusion detection tools, malware analysis tools, authentication tools, endpoint technologies and cloud security tools
- Strong understanding of APT kill chain frameworks such as MITRE ATT&CK and the Lockheed Martin Cyber Kill Chain
- Experience with cyber security threats and concepts such as insider threat, malware, lateral movement, beaconing, ransomware, data theft and fraud
- Experience working with regular expressions and an understanding of YARA rules
- Strong programming background with advanced skills in Java, MySQL and Hadoop preferred
- Experience coding in Core Java and related technologies, and in scripting languages such as Bash and Python
- Experience working with Hadoop, relational databases and SQL queries
- Proven skills in technical writing, verbal communication, consulting and problem solving in a rapidly changing technical environment
- Proven experience being team-oriented and self-motivated, with a keen attention.
Responsibilities
- Document SIEM implementation and deployment
- Create SIEM- and SOC-related operational documentation
- Integrate and share information with other analysts and teams
- Provide threat and vulnerability analysis as well as security advisory services
- Perform regular health checks on SIEM infrastructure and data collection nodes
- Implement various security solutions as required
- Manage interactions with internal and external clients
- Support the SOC team and the client in the incident response process
- Analyze and respond to previously undisclosed software and hardware vulnerabilities
- Perform data quality checks on ingested data
- Troubleshoot and resolve data quality issues in the Securonix SIEM solution
- Manage SIEM backend infrastructure
- Develop content for the Securonix Snypr platform's SIEM and UEBA modules
- Develop cyber threat models that can be used in the SIEM solution for threat detection, based on input from the SOC team
- Manage day-to-day SIEM operational tasks
- Troubleshoot and resolve SIEM infrastructure issues
- Perform root cause analysis, document findings and collaborate with technology/process owners to prevent recurrence
- Participate in the documentation process to ensure the accuracy of documentation critical to the team's success
- Implement Securonix and other SIEM solutions
- Perform on-boarding of new clients
- Perform data ingestion from different log sources into the SIEM solution
- Troubleshoot and resolve data ingestion issues
- Assist with developing new content and tuning existing content for SIEM, IDS and other security technologies
- Interact with other IT personnel, sometimes of different nationalities
Edarabia