360 Adept, LLC

Security Information and Event Management (SIEM) Engineer

360 Adept, LLC, New York, New York, United States


Overview

Analyzes security event data for attack patterns and attacker tactics; creates automated log correlations in a SIEM to identify anomalous and potentially malicious behavior; interprets IOCs and uses them efficiently for alerting; creates technical documentation for the content deployed to the SIEM; measures and improves the fidelity of correlation rules to reduce false positives; recognizes patterns and inconsistencies that could indicate complex cyber-attacks; develops SIEM correlation rules to detect new threats beyond current capabilities. Manages the appliance or virtual appliance OS and SIEM software; creates solutions that automate and shorten operational changes as well as the initial installation of the platform; creates rules for compliance and audit requirements; creates and manages Watch Lists for current threats; performs formal Architectural Review; creates custom rules, rule modifications, custom reports and report modifications as needed. Adds and removes log sources, troubleshoots issues with log sources or systems together with the vendor, and reports system defects as needed; manages product enhancement and feature requests with vendors as needed; performs software upgrades, updates, and patches as needed; assists with designing and documenting work processes within the SOC.

Responsibilities

Develop and optimize SIEM correlation rules to detect threats and reduce false positives.

Manage SIEM appliance/OS and software, including installations, upgrades, patches, and configurations.

Create technical documentation for SIEM content and deployment.

Design and implement automated log correlation, log source onboarding, and threat intelligence integration (IOC usage).

Develop compliance and audit-related rules and manage Watch Lists for current threats.

Perform architectural reviews and propose operational improvements for SOC processes.

Produce custom rules, rule modifications, and custom reports as required.

Add or remove log sources, troubleshoot vendor-related issues, and report defects as needed.

Coordinate with vendors on product enhancements and feature requests.

Support work process design documentation within the SOC.
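To illustrate the correlation-rule and Watch List work listed above, here is an added Python example written for this page; it is not the employer's SIEM content or any vendor's rule language. It runs three rules over constructed, normalized events: a noisy "any failed login" rule, a tuned brute-force rule (N failures from one source inside a sliding window followed by a success from the same source), and an IOC watch-list match. The event fields, the watch-list values (RFC 5737 and RFC 2606 documentation addresses), the threshold and the window are all assumptions chosen for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical IOC watch list. Values are documentation/test addresses chosen
# for this example; they are not real indicators.
WATCHLIST = {
    "ip": {"203.0.113.45"},
    "domain": {"c2.example.net"},
}


def _ev(ts, **fields):
    """Build one normalized event dict as a SIEM parser might emit it."""
    return {"ts": ts, **fields}


# Constructed sample events (not from any real system).
EVENTS = [
    # Burst of six failures from one source within a minute, then a success.
    *[_ev(f"2024-05-01T10:00:{s:02d}", type="auth", outcome="fail",
          src_ip="198.51.100.7", user="alice") for s in range(0, 60, 10)],
    _ev("2024-05-01T10:00:55", type="auth", outcome="success", src_ip="198.51.100.7", user="alice"),
    # Same host then resolves a watch-listed domain.
    _ev("2024-05-01T10:01:00", type="dns", src_ip="198.51.100.7", domain="c2.example.net"),
    # A user mistypes a password twice and then logs in: benign.
    _ev("2024-05-01T10:05:00", type="auth", outcome="fail", src_ip="198.51.100.8", user="bob"),
    _ev("2024-05-01T10:05:20", type="auth", outcome="fail", src_ip="198.51.100.8", user="bob"),
    _ev("2024-05-01T10:05:40", type="auth", outcome="success", src_ip="198.51.100.8", user="bob"),
    # Six failures spread two minutes apart: below the rate the rule is tuned for.
    *[_ev(f"2024-05-01T10:{m:02d}:00", type="auth", outcome="fail",
          src_ip="192.0.2.10", user="carol") for m in range(10, 21, 2)],
    _ev("2024-05-01T10:21:00", type="auth", outcome="success", src_ip="192.0.2.10", user="carol"),
    # Outbound connection to a watch-listed address, and a benign lookup.
    _ev("2024-05-01T10:30:00", type="net", src_ip="198.51.100.9", dst_ip="203.0.113.45"),
    _ev("2024-05-01T10:31:00", type="dns", src_ip="198.51.100.9", domain="www.example.com"),
]


def ioc_rule(events, watchlist=WATCHLIST):
    """Watch List rule: flag any event whose dst_ip or domain is an IOC."""
    alerts = []
    for ev in events:
        hit = None
        if ev.get("dst_ip") in watchlist["ip"]:
            hit = ("ip", ev["dst_ip"])
        elif ev.get("domain") in watchlist["domain"]:
            hit = ("domain", ev["domain"])
        if hit:
            alerts.append({"rule": "ioc_match", "ts": ev["ts"], "src_ip": ev["src_ip"], "ioc": hit})
    return alerts


def failed_login_rule(events):
    """Low-fidelity rule: one alert per failed login. Fires on ordinary typos."""
    return [{"rule": "auth_fail", "ts": e["ts"], "src_ip": e["src_ip"]}
            for e in events if e["type"] == "auth" and e["outcome"] == "fail"]


def brute_force_rule(events, threshold=5, window=timedelta(seconds=60)):
    """Higher-fidelity rule: at least `threshold` failures from one source inside
    a sliding `window`, followed by a success from that source within the window."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort lexically
        if e["type"] == "auth":
            by_src[e["src_ip"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        recent_fails = []                              # timestamps still inside the window
        for e in evs:
            t = datetime.fromisoformat(e["ts"])
            recent_fails = [f for f in recent_fails if t - f <= window]
            if e["outcome"] == "fail":
                recent_fails.append(t)
            elif e["outcome"] == "success" and len(recent_fails) >= threshold:
                alerts.append({"rule": "brute_force_success", "ts": e["ts"], "src_ip": src,
                               "user": e["user"], "failures": len(recent_fails)})
                recent_fails = []                      # reset so one burst yields one alert
    return alerts


def run_all(events=EVENTS):
    """Run every rule and return the alerts keyed by rule name."""
    return {"ioc": ioc_rule(events),
            "auth_fail": failed_login_rule(events),
            "brute_force": brute_force_rule(events)}


if __name__ == "__main__":
    for name, alerts in run_all().items():
        print(f"{name}: {len(alerts)} alert(s)")
        for a in alerts:
            print("  ", a)
```

On the constructed events the noisy rule raises fourteen alerts, twelve of them on benign or sub-threshold activity, while the tuned rule raises one, for the source that also matched the Watch List. Lowering `threshold` to 2 makes the tuned rule fire on the typo case as well, which is the kind of fidelity trade-off the role is expected to measure and document.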

Qualifications

Education: Bachelor's degree in Engineering, Computer Information or Information Technology, Cybersecurity or Information Assurance, or equivalent work experience of 5 or more years.

Certifications

GIAC Defensible Security Architecture (GDSA)

GIAC Certified Detection Analyst (GCDA)

GIAC Certified Incident Handler (GCIH)

GIAC Security Operations Certified (GSOC)

GIAC Continuous Monitoring Certification (GMON)
