SIEM Architect/Engineer (offline)

Your tasks:
• Provide situational awareness and attack sensing and warning through fusion, analysis and coordinated information flows gathered from a variety of system and sensor sources within the enterprise
• Synthesize, summarize, consolidate and share potentially malicious activities by creating incident reports, updates, collaboration/chat tippers and notifications, and by updating incident handling databases
• Receive and analyze alerts from various enterprise level sensors and determine possible causes of such alerts
• Support incident handling and response, triage of events, network analysis and threat detection, trend analysis, metric development, vulnerability information dissemination
• Create and lead processes that support the analysis of log files from a variety of enterprise level systems and sensors to include individual host logs, network traffic logs, firewall logs, and intrusion detection/prevention system logs
• Support the day-to-day operation of a highly available, distributed, multi-clustered, multi-tenant SIEM deployment
• Support onboarding and maintenance of a wide variety of data sources to include various Cloud Vendors, Cloud Platforms, Operating Systems, Appliances and Application logs
• Create queries, dashboards, and visualizations to support customer requirements and monitoring of the SIEM deployment
• Create and manage SIEM knowledge objects to include apps, dashboards, saved and scheduled searches and alerts
• Support troubleshooting and remediation of issues as they arise with data ingestion and SIEM infrastructure

Your profile:
• MBA in Information Systems, preferred
• 3+ years of experience in information security
• 2+ years of experience in working with SIEM for threat hunting and analysis as well as SIEM administration
• Shift flexibility, including the ability to provide on call support when needed
• Experience working with internal and client ticketing and knowledge base systems (e.g. Jira, Confluence) for incident and problem tracking as well as procedures.
• General security knowledge (GIAC, CISSP, CCSE, CISA, HBSS, NSA, CEH, Cisco Security, Security+, or other security certifications).
• Experience with various SIEM security products such as Azure Sentinel, Azure Log Analytics, ELK/EFK, and infrastructure components such as proxies, firewalls, IDS/IPS, etc.
• Experience with SIEM content creation and reporting.
• Excellent time management, reporting, and communication skills.

About Syncier

We bring insurance companies into the digital age and free them from commodity efforts, to focus on their differentiation in the market.

We are part of Allianz Deutschland and Microsoft, with our main office in Munich.
Our other offices are located in Paris, Vienna, Stuttgart, Cologne, Hanover, Singapore and Kyiv.

Company website:
https://www.syncier.com/

DOU company page:
https://jobs.dou.ua/companies/syncier-an-allianz-company/

The job ad is no longer active
Job unpublished on 22 December 2021