Currently working as team lead / tech lead with hands-on experience of security platforms and toolsets across functions including administration, engineering, troubleshooting, management, etc.
Must have hands-on experience with security platforms and toolsets: SIEM (ArcSight, Splunk, etc.), firewalls (SS7, MMS, Fortinet firewalls, etc.), IDS, IPS, WAF (Imperva, etc.), DLP (Symantec DLP, Websense, etc.), anti-malware, antivirus, anti-spam, anti-phishing (SEP, Brightmail, etc.), log management (Guardium, etc.), PUAM (CyberArk, etc.), NAC (Cisco ISE, etc.), Control Compliance suites (Symantec CCS, etc.); covering configuration, troubleshooting, report analysis and providing recommendations for future configurations and rules.
Strong communication (verbal and written) and presentation skills to confidently build relationships at all levels, with excellent time management skills.
Innovative professional with the ability to come up with new approaches/resolutions who constantly seeks self and team development.
Previous experience as a Network Administrator/Network Engineer is a plus.
Knowledge of system hardening concepts and techniques.
A good understanding of industry security standards (e.g. ISO 27002, NIST Cybersecurity Framework, etc.).
Operating knowledge of ITIL (ITIL Certification a plus)
Skilled in the areas of server log analysis and understanding of common analysis techniques and tools
Validation of Root Cause Analysis (RCA)
Oversee complex change implementation.
Complex change assessment.
Reviewer and moderator role for Knowledge Base articles.
Industry certifications in networking and in the latest data and information security technologies as specified above.
Managed a team of around 10+ resources as team lead / tech lead in previous experience.
Proficiency in a specialized field or a broad insight into the relationship between different fields (comprehensive knowledge of the theories, methodology and practice of a professional field and deep understanding of several other fields). Knowledge is acquired through deep and/or broad experience built on concepts and principles.
Lead and develop a dedicated team focused on security operations, delivery and continually improving the performance of 24x7 Security Operations.
Willing to work in rotational shifts (24x7 support)
Security Incident & Event Management: log correlation and analysis, including addition, deletion, creation and modification of correlation rules.
Security device / infrastructure monitoring and management: health monitoring and management of security infrastructure.
Global operational monitoring and management of security platforms and infrastructure health and availability.
Team lead for security engineers who are subject matter experts on various security appliances and infrastructure, including log management, Privileged User Access Management, DLP, SS7 firewalls, MMS firewalls, IDS/IPS, WAF, NAC, 2FA, anti-malware, anti-virus, anti-phishing, anti-spam, CCS, etc.
Experience in firewall configuration and implementation (at least two of Cisco, Juniper, Check Point, SonicWall, etc.) would be a plus.
Strong in network essentials / basics.
Moderate routing and switching skills.
Manage the performance of each team member, including employee development and performance reviews, as per The Company Way.
Ownership of tasks or projects, driving them through to completion with high quality.
Ownership of the team's deliverables and results, including, but not limited to, installation, implementation, administration, content creation (rules, reports, dashboards, etc.) and providing engineering support.
Ensure processes and procedures are created/maintained, documented and followed at all times, and conduct periodic and as-needed reviews to ensure adherence to established processes with a focus on quality and continual improvement.
Monitor and evaluate team function statistics: measuring performance, gap analysis and resolutions.
Ensure members of staff are trained and certified to the appropriate levels
Motivational and results-oriented approach to driving performance, dealing with any conflict or dissatisfaction promptly and effectively.
Provide backup cover/support for Security Engineers where required
Be a member of the out-of-hours technical and management escalation team.
Perform environment health assessments, capacity planning and performance benchmarks, providing operational assurance (operational readiness).
Ensure timely response to Cyber Defense Incident Alerts (CDIA), provide appropriate CDIA reporting, investigate each incident, manage ITIL incident/problem tracking and bring each incident to an appropriate resolution.
Understand and advocate Cyber Security standards, reference architectures.
Stay current with developing technologies and the emerging threat landscape, and predict the impact of changing technologies.
Ensure consistent delivery of superior technical solutions.
Communicate effectively with stakeholders to identify needs and evaluate alternative technical solutions and strategies.
Review documentation for clarity and technical accuracy; maintain relations with other service stakeholders.
Advanced analytical skills for review, modification and creation of complex technical documents or related manuals.
Has advanced skills to perform complex work for a functional area and general knowledge of other areas.
Design solutions in alignment with security architecture standards. Liaise with vendors concerning potential solutions.
Suggest global security standards and approve deviations.
Prepare and ensure quality documentation in accordance with Company and industry standards.
Interpret and apply Microsoft architecture and designs to build security monitoring solutions supporting dispersed businesses and customers.
Troubleshoot and resolve complex Microsoft authentication, authorization and integration problems related to MS security.
Identify opportunities and outline action plans to improve the implementation of existing MS security monitoring solutions, based on logon auditing and logon events, multiple authentication protocols and Security Support Providers (NTLM, Kerberos) within the Microsoft architecture.
Provide technical leadership and mentoring to the Global Security Monitoring team; key contributor to the security monitoring roadmap.
From an endpoint (MS) security monitoring and troubleshooting point of view, I think we should add the below roles and responsibilities to the job description.
Good understanding of, and hands-on experience with, endpoint security such as AV, anti-malware, etc.