· Develop and implement SIEM solutions internally as well as for clients; candidates should have strong experience in assessing and implementing SIEM and other operational tools and processes for a Security Operations Centre (SOC).
· Develop content for a complex and growing SIEM infrastructure. This includes use cases, dashboards, active channels, reports, rules, filters, trends and active lab sessions.
· Use the SIEM in daily operational work, which includes, but is not limited to, administering, operating and managing the SIEM platform, performing the regular activities that keep log sources, parsers, alerts, reports, etc. healthy, and ensuring that the platform is operating as planned.
· Monitor SIEM and other event sources, assess, prioritize, escalate and manage security alerts.
· Perform analysis of security, network, database and application logs; correlate events and activities to build threat scenarios in order to get ahead of threat actors and reduce exposure.