Ensure your organization continues to improve its security posture by leveraging the enterprise Security Information and Event Management (SIEM) tools, perimeter email defenses, vulnerability management platform, antivirus, intrusion detection, and password/account management solutions.
More Uses of the SIEM Toolkit:
- Verify custom reports, manage log source groups, and validate log sources for SIEM; onboard new and existing configuration data for enterprise security log source types.
- Execute and improve threat management and cyber incident response processes: SIEM response, blacklist management, Endpoint Detection and Response (EDR) management, investigations, etc.
- Manage work with your team of cybersecurity experts to find the adversary in the SIEM's blind spots, and advise clients on ways to close those gaps and harden the network.
- Utilize IDS/IPS systems, SIEM tools, and network scanners to review, assess, and document incidents and vulnerabilities to improve security.
- Provide operational oversight and ensure consistency in the tracking and remediation of information security events impacting key Business Unit stakeholders.
- Develop, implement, maintain, and oversee enforcement of system security administration and user system access based on industry standard best practices.
- Be accountable for transitioning, maintaining, or using security technologies such as SIEM, endpoint protection, Data Loss Prevention (DLP), IAM products, forensic tools, etc.
- Support the daily monitoring, escalation, and remediation of information security and insider threat events with relevant teams that support the incident response process.
- Direct: content developers analyze the signatures cyber attackers leave behind throughout a network and develop SIEM rules to detect future intrusions.
- Analyze and investigate events using an enterprise SIEM together with logs from firewalls, IDS/IPS, proxies, servers, endpoints, and other network devices to determine risk.
- Collaborate closely with other IT Department leaders on future architecture/strategy considerations and change control considerations to ensure security is considered effectively.
- Be accountable for monitoring the performance of correlated and scheduled searches in Splunk, and identify opportunities to make searches and dashboards more efficient.
- Coordinate: partner with the SOC, IT resources, and internal/external business partners on any solution or process enhancements to ensure optimal security practices.