Job Description:

Mandatory Skills: Threat hunting, SIEM, splunk

Job Details:

5+ years Threat Hunting experience.
3+ years’ experience using Splunk for Threat Hunting
3+ years’ experience administering, deploying, and designing deployments of Splunk ES (SIEM) technologies.
5+ years overall experience in Incident Response
5+ years overall administration of log aggregation or log storage tools.
10+ years overall experience in IT Security
Ability to assess, triage, and investigate potential threats: lead the team, assign resources, and use tooling to validate threats and, where necessary, mitigate them.
Convert repetitive incidents into Standard Operating Procedures for Tier 1 analysts.
Manage the overall response for IT Security incidents.
Experience reviewing risk assessments, interpreting threat intelligence, and devising SIEM use cases to mitigate risks.
Experience drafting and revising processes and workflows.
Experience leading teams, distributing workloads, and supervising personnel.
Experience determining key performance metrics, their measurement, and their reporting.
Good written and speaking skills in English
Good listening skills.
Ability to explain processes and security requirements to non-technical and non-IT security personnel.

Preferred additional value:

Skills on other leading SIEM platforms.
Skills on additional IT security control products.
CEH (EC-Council), CIH, or ISC2 certifications; GIAC Certified Incident Handler (GCIH, SANS)
Splunk ES (SIEM) certifications
Other IT Security and network technology certifications.
Experience with ServiceNow ticketing and alert generation.
Spanish speaking (written and verbal), other language skills.

Responsibilities include but are not limited to:

Oversee SOC/SIEM team providing twenty-four (24) hours a day and seven (7) days a week services and ensure HCL SOC/SIEM can be reached at all times in the event of an after-hours event or incident
Support risk mitigation or issue resolution following an after-hours event or incident
Maintain customer’s SIEM(s) in accordance with customer policy and best practices, including patching and policy management, as well as service management processes and objectives.
Oversee SIEM/SOC responses to monitored alerts and ensure staff adhere to documented workflows and applicable HCL and customer standards.
Ensure SIEM/SOC staff deliver SIEM-related services in accordance with HCL’s contractual obligations, upholding contracted service levels and ensuring continuous security monitoring, triage, analysis, alerting, and incident response (“single pane of glass” monitoring set-up)
Ensure SIEM and monitoring security configurations are documented in the customer’s CMDB
Fulfill and resolve service desk-reported requests, tickets, and Incidents related to security and capture and log all pertinent information for requests and incidents in Customer’s service ticket tracking system, which may include:
Raising Incidents to be managed by the next level of support for risk remediation
Ongoing diagnosis and resolution of tickets
Tracking and logging ticket information
Ongoing evaluation and closure of tickets
Root Cause Analysis with identification of the root cause, and an action plan and estimated time to complete remediation
Documentation and reporting across ticket resolution process
Providing incident management
Delivering an incident report with analysis and recommendations
Raising change requests
Ensure a well-defined change control process for security configurations of the SIEM and monitoring tools is in place.
Protect all passwords required to configure the SIEM and monitoring equipment from unauthorized access, and store them in the designated location on the shared customer network.
Ensure all SIEM and monitoring tools are backed up prior to any work impacting those platforms.
Maintain a library of security device baseline configurations for the SIEM and monitoring tools.
Collect, aggregate, and store comprehensive security data across Customer infrastructure, including workstations, databases, servers, network, applications, end user mobile and non-mobile devices, and all other supported assets, into a centralized repository

Client: confidential