SIEM Engineer

Kuala Lumpur
MY

Software AG’s global Security Operations Center (SOC) provides a holistic Security logging and monitoring service for our internal customers. The Security logging and monitoring service is responsible for creating and providing comprehensive visibility into asset security, problem management and root cause analysis as well as health and utilization monitoring.

 

This position will deploy, operate and tune the Security logging and monitoring solution in a hybrid and globally distributed setup on-premises and in the public cloud (Azure, AWS).

 

The Security logging solution is realized on a highly distributed Elastic Cloud Enterprise stack to connect different environments to one centralized Kibana/Grafana Security console.

 

Responsibilities

  • Perform optimization and false-positive/false-negative tuning of security tools to ensure event and alert integrity
  • Create automated log correlations in the SIEM to identify anomalous and potentially malicious behavior
  • Work with the Threat Intelligence team to interpret IOCs and use them efficiently for alerting
  • Understand the log sources being monitored, such as firewalls, network and host-based intrusion detection systems, web applications, AV, WAF, proxies and operating system logs
  • Recognize patterns and inconsistencies that could indicate complex cyber-attacks
  • Develop SIEM correlation rules to detect new threats beyond current detection capabilities
  • Deploy, operate and maintain the holistic Security logging and monitoring service on the basis of a distributed (on-premises, AWS, Azure) Elasticsearch, Logstash, Kibana/Grafana and Zabbix stack integrated with the Azure Sentinel SIEM
  • Connect different components (on-premises, public cloud) to the logging and monitoring solution and manage access permissions for asset groups and owners
  • Create comprehensive and meaningful visualizations of security log data
  • Follow DevSecOps strategies to implement automated workflows and codified environments that safeguard business continuity and effective disaster recovery

 

Requirements

  • Hands-on experience with key operations technologies such as:
    • Logging (Elasticsearch / Elastic SIEM, Logstash, Azure Sentinel)
    • Dashboarding (Grafana, Kibana)
    • Scripting (Python, PowerShell, Bash)
  • Experience with the use of automation in the context of IT operations (Azure Functions, Azure DevOps, Azure Logic Apps)
  • Experience working with state-of-the-art SIEM and SOAR tools (Azure Sentinel, ELK, Splunk)
  • Experience with various IT security topics including network security, firewalls, IDS/IPS, malware, OWASP Top 10, web proxies, endpoint security, etc.
  • Strong technical and analytical skills
  • Ideally, cyber security related certifications (e.g. CEH, OSCP, CPSA, CRT)
  • Fluent in English with strong verbal and written communication skills
