Sentinel

Summary

Looking for a candidate who has in depth knowledge in SIEM (Security Information and Event Management) implementation and administration.

Successful candidate must have a blend of expertise in Log sources integration, Custom parser development and Usecase development.

Required Qualifications

·       Hands-on experience in SIEM implementation and administration of either Sentinel or XISAM.

·       Knowledge of data ingestion methods in SIEM along with custom parsers and API integrations.

·       Ability to integrate different log sources with SIEM and ensuring proper parsing and normalization.

·       Ability to create correlation rules in SIEM tool to improve threat detection.

·       In-depth knowledge of KQL (Sentinel) and XQL (XSIAM), which is used in Sentinel and XSIAM for querying log data.

·       Understanding of security concepts, incident detection, and response to identify and parse relevant security events from logs.

·       Skills to debug and troubleshoot issues with log data collection, parsing, and query performance.

·       Good experience in ITSM/ITIL/ITAM process design/process improvement.

·       Excellent interpersonal, written, and verbal communication skills.

·       Experience and comfort in producing project deliverables to include project plans, project status, test plans/results, training materials and release notes.

Preferred Qualifications

• Security certifications CEH, Security+ etc.
• Proficiency in regular expressions (regex) for pattern matching and extracting specific data from log entries.
• Familiarity with scripting languages like PowerShell, Python, Cortex Query Language (XQL) ,or Kusto Query Language (KQL) for writing custom parsing scripts.