SIEM Analyst- LogRhythm

Muscat, Sultanate of Oman | Posted on 11/06/2024

• Design, deploy, and maintain SIEMsolutions
• Configure and fine-tune log sources,collectors, and agents
• Develop and implement use cases,correlation rules, and alerts
• Monitor and analyze security eventsand alerts generated by the SIEM system
• Investigate and respond to security incidents, performing root cause analysis and recommending corrective actions
• Conduct threat hunting activities to identify potential security risks
• Ensure comprehensive log collection and retention across various IT systems and applications.
• Perform regular log analysis to identify and mitigate security threats
• Develop and maintain dashboard sand reports for security metrics and trends
• Work closely with other IT and security teams to integrate SIEM with other security tools and processes
• Provide technical guidance and training to junior analysts and other team members
• Communicate effectively with stakeholders to report on security incidents and system performance
• Stay updated on the latest cybersecuritythreats, trends, and technologies
• Recommend and implement improvements to the SIEM system and related processes
• Participate in security audits andassessments, ensuring compliance with industry standards and regulations
• SIEM Enhancementand Tuning.
• Review the SIEM logs for emergingthreats and vulnerabilities, identifying areas for improvement in detection and correlation
• Rule and alert optimization:
  Fine-tuneexisting SIEM rules and alerts to minimize false positives and negatives, ensuring efficient incident identification and response
• Log source management:
  Continuouslyintegrate new log sources and optimize existing ones for efficient data collection and analysis
• Develop custom SIEM rules, dashboards,and reports to address specific SOC team requirements and security needs.
• Monitor and optimize SIEM performance to ensure efficient resource utilization and timely incident detection.
• Requirement gathering and analysis:
  
  Actively engage with the SOC team to understand their security monitoring needsand translate them into actionable SIEM configurations
• Generate regular reports on SIEMactivity, security incidents, and tuning efforts, fostering clear communication with the SOC team
• Provide training to SOC analystson SIEM usage, best practices, and newly implemented features
• Collaborate with the SOC team to identify and implement improvements to the overall security monitoring posture.
• Escalation and Issue Management:
  
  Defined escalation
• procedures:
  Establish clear escalation procedures for high-priority incidents, ensuring timely communication and resolution
• Effectively communicate and collaborate with local IT support and security vendors to resolve escalated issues.
• Track escalated issues through resolution,documenting steps taken and outcomes forfuture reference
• The SIEM Analyst will work on regulartuning and optimization of SIEM use cases, leading to more effective monitoring,reducing false positives, and ensuring accurate detections.
• The SIEM Analyst will work withthe SOC team to add new use cases to monitor emerging threats and respond quicklyto changes in attack patterns, ensuring proactive security coverage.
• The SIEM Analyst will work to ensure that NWS assets are continuously updated in the SIEM, allowing for accuratemonitoring and early detection of potential security incidents involvingcritical assets.
• The SIEM Analyst will work on regularlyupdating the SIEM in response to NWS's IT environment changes, ensuring continuousand comprehensive security coverage.
• The SIEM Analyst will provide updates and reports on SIEM system performance and improvements, ensuring that allstakeholders are informed about the system's current state and enhancements.

• Minimum of 5 years of experience in cybersecurity with a focus on SIEM technologies.
• Proven experience with LogRhythm
  
  SIEM platform.
• Hands-on experience with log management,threat detection, and incident response.