SIEM Analyst - LogRhythm

Responsibilities: -

• Design, deploy, and maintain SIEM
  solutions
  
• Configure and fine -tune log sources,
  collectors, and agents
  
• Develop and implement use cases,
  correlation rules, and alerts
  
• Monitor and analyze security events
  and alerts generated by the SIEM system
  
• Investigate and respond to security
  incidents, performing root cause analysis and recommending corrective
  actions
  
• Conduct threat hunting activities
  to identify potential security risks
  
• Ensure comprehensive log collection
  and retention across various IT systems and applications.
  
• Perform regular log analysis to
  identify and mitigate security threats
  
• Develop and maintain dashboards
  and reports for security metrics and trends
  
• Work closely with other IT and security
  teams to integrate SIEM with other security tools and processes
  
• Provide technical guidance and training
  to junior analysts and other team members
  
• Communicate effectively with stakeholders
  to report on security incidents and system performance
  
• Stay updated on the latest cybersecurity
  threats, trends, and technologies
  
• Recommend and implement improvements
  to the SIEM system and related processes
  
• Participate in security audits and
  assessments, ensuring compliance with industry standards and regulations
  
•      SIEM Enhancement
  and Tuning.
  
• Review the SIEM logs for emerging
  threats and vulnerabilities, identifying areas for improvement in detection
  and correlation
  
• Rule and alert optimization: Fine -tune
  existing SIEM rules and alerts to minimize false positives and negatives, ensuring
  efficient incident identification and response
  
• Log source management: Continuously
  integrate new log sources and optimize existing ones for efficient data collection
  and analysis
  
• Develop custom SIEM rules, dashboards,
  and reports to address specific SOC team requirements and security needs.
  
• Monitor and optimize SIEM performance
  to ensure efficient resource utilization and timely incident detection.
  
• Requirement gathering and analysis:
  Actively engage with the SOC team to understand their security monitoring needs
  and translate them into actionable SIEM configurations
  
• Generate regular reports on SIEM
  activity, security incidents, and tuning efforts, fostering clear communication
  with the SOC team
  
• Provide training to SOC analysts
  on SIEM usage, best practices, and newly implemented features
  
• Collaborate with the SOC team to
  identify and implement improvements to the overall security monitoring posture.
  
• Escalation and Issue Management:
  Defined escalation
  
• procedures: Establish clear escalation
  procedures for high -priority incidents, ensuring timely communication and resolution
  

• Effectively communicate and collaborate
  with local IT support and security vendors to resolve escalated issues.
  
• Track escalated issues through resolution,
  documenting steps taken and outcomes for future reference
  
• The SIEM Analyst will work on regular
  tuning and optimization of SIEM use cases, leading to more effective monitoring,
  reducing false positives, and ensuring accurate detections.
  
• The SIEM Analyst will work with
  the SOC team to add new use cases to monitor emerging threats and respond quickly
  to changes in attack patterns, ensuring proactive security coverage.
  
• The SIEM Analyst will work to ensure
  that NWS assets are continuously updated in the SIEM, allowing for accurate
  monitoring and early detection of potential security incidents involving
  critical assets.
  
• The SIEM Analyst will work on regularly
  updating the SIEM in response to NWS's IT environment changes, ensuring continuous
  and comprehensive security coverage.
  
• The SIEM Analyst will provide updates
  and reports on SIEM system performance and improvements, ensuring that all
  stakeholders are informed about the system's current state and
  enhancements.
  
  

Requirements

• Minimum of 5 years of experience
  in cybersecurity with a focus on SIEM technologies.
  
• Proven experience with LogRhythm
  SIEM platform.
  
• Certified LogRhythm Engineer (preferred).
  
• Hands -on experience with log management,
  threat detection, and incident response.