Job Description
Experience :3yrs
Mode : Hybrid
Description:
Qualifications & Required Skills:
Bachelor's degree in engineering, computer science, information systems, information security, mathematics, decision sciences, risk management, or other business/technology fields, or equivalent professional experience.
Certifications such as CISSP, CEH, or similar.
3 to 8 years of experience (Senior Level) with 8 months to 2 years specifically in Chronical implementation, including log source integration, rule creation, and parser development.
Proficiency with leading SIEM technologies (e.g., Splunk, QRadar, LogRhythm, Nitro, Chronicle), IDS/IPS, network and host-based firewalls, data leakage protection (DLP), and common EDR platforms. Knowledge of potential attack activities such as network probing/scanning, DDoS, malicious code activity, data exfiltration, and credential access.
Familiarity with the Cyber Kill Chain, MITRE ATT&CK framework, and various TTPs used by attackers, along with the ability to create detection rules for these in SIEM and EDR solutions (added advantage).
Understanding of tools, technologies, and logging mechanisms, including common network devices like routers, switches, and load balancers. Awareness of typical cloud threats and how to detect and mitigate them, cloud logging and audit capabilities, and the ability to develop detection rules for these threats.
Basic understanding of networking protocols such as IP, DNS, HTTP, and the network stack.
Foundational knowledge in system security architecture and security solutions.
Preferred Skills: Excellent interpersonal and organizational abilities.
Strong verbal and written communication skills. Superior analytical and problem-solving capabilities.
Self-driven to enhance knowledge and skillsets.
A strong desire to comprehend not just the what, but also the why and how of security incidents.
