Job Description

  • Real-time monitoring of SIEM security events
  • Endpoint security monitoring
  • Handle security incidents with the shortest possible response time
  • Escalate to the appropriate departments
  • Filter out false positives
  • Tune correlation rules
  • Implement use cases in the SIEM
  • Regular and custom reporting on security events
  • Collaborate with other teams
  • Help normalize logs ingested into the SIEM

Requirements

  • Working skills with Splunk and Splunk Enterprise Security
  • Working skills with corporate antivirus solutions such as Kaspersky Security Center
  • Familiarity with Splunk SPL (Search Processing Language)
  • Familiarity with security devices such as firewalls, WAF, and IDS/IPS
  • Familiarity with security concepts
  • Familiarity with frameworks such as the OWASP Top 10, MITRE ATT&CK, and the Cyber Kill Chain
  • Good knowledge of TCP/IP and related protocols

Employment Type

  • Full Time
