Sr Lead - Customer Security Operations
Tata Communications
Hyderabad, India
Job Description
Indicative roles and responsibilities of onsite NG SIEM resources are given below. However, HPCL reserves the right to use onsite NG SIEM resources as per project requirements, criticality, etc. from time to time.
1. NG SIEM (SIEM+SOAR+UEBA) tool overall administration, management, backup and archival, and troubleshooting.
2. Upgrade, update, patching, backup and archival of the NG SIEM solution.
3. Monitor the NG SIEM console and dashboards and provide response and support to the remote SOC team for incidents.
4. Support the day-to-day operation of the deployed NG SIEM (SIEM+SOAR+UEBA).
5. Perform initial analysis for known issues and provide appropriate recommendations for closure.
6. Monitor and report on the health of system components and take necessary action in case of any observed issue.
7. Integration of NG SIEM with IS infrastructure (existing and future), including but not limited to IPS, WAF, patch management, firewall, anti-APT solution, antivirus, EDR, AD, ERP, DLP, VMT, Exchange, SharePoint, network devices, web services, custom applications, etc., and also on their respective version upgrades. Continuous.
8. Develop appropriate use cases, playbooks, models, reports and alerts, and develop custom parsers and connectors for integrating logs wherever necessary or required. L3 should have a good command of regex, parser and playbook creation. No separate charges will be provided for parser or playbook creation.
9. Integration of the SIEM/SOAR/UEBA tool with security and non-security solutions based on requirement and architecture, and develop or modify appropriate use cases, rules, playbooks, models, reports and alerts. Continuous.
10. Should provide real-time situational awareness to HPCL stakeholders.
11. Use and apply learnings from incidents and provide recommendations for standardizing the NG SIEM (SIEM+SOAR+UEBA) solution.
12. Reduction of false positives by fine-tuning existing correlation rules, configuration, playbooks and models.
13. Automation with continuous improvements; reduction in MTTR and MTTD.
14. Develop and implement processes for interfacing with operational teams and other supporting teams.
15. Ensure the NG SIEM (SIEM+SOAR+UEBA) integration is intact among the HPCL SOC solutions and other assets.
16. Design, create and customize dashboards and reports as per HPCL requirements. Customise and fine-tune SIEM, SOAR and UEBA dashboards.
17. Ensure the necessary HPCL SOC documents, such as operating procedures, configuration management, Low Level Design, etc., are up to date with the changes made in their respective areas.
18. Automating day-to-day tasks related to NG SIEM operations, including but not limited to
19. The above is an illustrative list of general activities. All technology-specific activities related to NG SIEM are to be carried out.
20. Use and apply learnings from incidents and provide recommendations for standardizing the NG SIEM solution.
21. Support onboarding and maintenance of a wide variety of data sources, including various OS, appliance and application logs. Create custom parsers, queries, custom dashboards and visualizations.
22. Create and manage NG SIEM knowledge objects, including apps, dashboards, saved and scheduled searches, and alerts.
23. Support access requests, modifications and permissions.
24. Support troubleshooting and remediation of issues as they arise with data ingestion and NG SIEM infrastructure.
25. Create and update all SOPs and support the fulfilment of audit requirements.
26. Monitor and report on cyber threats and suggest any changes needed in the SIEM to protect the organization, leading end-to-end implementation of the suggested changes.
27. Provide notification and communication to incident management and the respective application team upon threat detection.
28. Perform analysis on reported incidents, determine the root cause, and recommend the appropriate solution.
29. Should have a very good understanding of the MITRE ATT&CK and NIST frameworks.
30. Work on improving the overall posture of the NG SIEM deployment to achieve the best return on investment. Coordinate with the analyst team on fine-tuning and improving overall NG SIEM utilization and enriching the security posture of HPCL.