CSA SIEM Admin

Deutsche Bank

Early Applicant

7 days ago
Be among the first 50 applicants

Exp: 6-10 Years

Pune, India

Job Description

Job Title - CSA SIEM Admin (Chronicle, Sentinel and Splunk )

Location - Pune

Role Description

The COO Chief Information Security Office (CISO) is responsible for addressing information security risks to the Deutsche Bank global IT, as a Security Engineer-AVP, you will play a key technical role in our SIEM Operations team within the Global Cyber Security Engineering & Architecture organization. You will be part of a global SIEM admin/operations team. SIEM Administrator will be responsible for maintaining SIEM(Chronicle, Sentinel and Splunk) instances by making sure all SIEM deployment devices are working properly, efficiently and with desired performance. SIEM Administrator main duties and responsibilities: managing user access, verifying availability, monitoring database loads, managing application performance, capacity and availability, monitoring disk space, verifying log continuity and log management reports, application problem determination/problem source investigation, monitoring SIEM system patches and upgrades, installing application patches as needed, verifying data collection, verifying backups are running and complete.

What we'll offer you

As part of our flexible scheme, here are just some of the benefits that you'll enjoy

Best in class leave policy
Gender neutral parental leaves
100% reimbursement under childcare assistance benefit (gender neutral)
Sponsorship for Industry relevant certifications and education
Employee Assistance Program for you and your family members
Comprehensive Hospitalization Insurance for you and your dependents
Accident and Term life Insurance
Complementary Health screening for 35 yrs. and above

Your key responsibilities

Engineer, implement & support SIEM platforms (Chronicle, Sentinel & Splunk)
Incident & Problem Management, Change & Release Management, Vendor Management, Capacity Management functions for the platform
Provide production support for the platform as part of the team to ensure smooth operations, system function & system health
Proficiency developing log ingestion and aggregation strategies
Hands-on experiences with Sentinel SIEM administration, Configuration, and management of solutions.
Experience with policy tuning, customization, implementation of best practices, determine specific value driven use cases, and fully integrate the solution into the environment.
Good understanding about terraform & deployments.
Understanding of MITRE ATT&CK and NIST Cyber Security Frameworks standards and implement on DB SIEM (Chronicle, Sentinel and Splunk).
On-board new data sources into Chronicle, Sentinel analyze the data for anomalies and trends and build dashboards highlighting the key trends of the data.
Contribute to product architecture, engineering & roadmap for the multi SIEM platform
Develop security-focused content for Chronicle/Sentinel, including creation of complex threat detection logic and operational dashboards
Work with cross-functional teams to proactively improve on existing integration automation/workflows.
Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and cyber security best practices.
Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.
Passionate about data to drive information-based security analytics
Manage backend functionalities for Chronicle
Work with end users to understand and define the requirements
Recommend GCP best practices for implementation
Create Operational Documents for process

Your skills and experience

The candidate must have Degree in Computer Science, Engineering, Information Technology, Cybersecurity or related field and a minimum of 10+ years of experience in with recent experience in Security engineering, system administration, network engineering, software engineering/development with a focus on Cybersecurity.

10+ years of IT engineering experience with recent experience in building and managing infrastructure and security platforms
6+ years of Experience implementing, architecting and administering SIEM platforms like Chronicle, Sentinel, Splunk, ArcSight, Qradar etc., for a large global organization
Knowledge of GCP services and data ingestion from those services into SIEM.
Experience developing in XML, Bash, Python, and PowerShell scripts
Experience with automation platforms such as Ansible
Nice to have DevOps/Terraform Engineering experience
Independent, self-motivated, proactive approach to problem solving and prevention.
Excellent written and verbal communication skills.
Passionate about cyber security and the aptitude to identify and solve security problems.
Hands on Experience with GCP platform, managing various configurations to enable & manage Chronicle/Sentinel/Splunk
Understand SIEM technologies

How we'll support you