Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Google Chronicle SIEM
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary: The SIEM SME leads in architectural design, specification, and maintenance of Splunk/Google Chronicle Security products and services. Candidates must have backgrounds in network planning and design, implementation, and operations. SIEM SMEs apply business and technology skills with structured methodologies to deliver complex solutions to the customer. Roles & Responsibilities • Analyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach • Perform network incident investigations, determining the cause of the security incident and preserving evidence for potential legal action • Interface with technical personnel and others teams as required • Make recommendations on the appropriate corrective action for incidents • Configure and manage Infrastructure Security and SIEM solutions. • Design, develop and create correlation rules within the Security Information and Event Management (SIEM) platform • Monitor devices and correlation tools for potential threats • Initiate escalation procedure to counteract potential threats/vulnerabilities • Experience building and maintain security incident correlation content (hands-on) • Experience with reverse engineering tools and techniques as it pertains to network traffic collection and analysis • Operational knowledge of system and network security engineering best practices and architecture • Willingness to engage “hands-on” from inception to complete and audit to SIEMs deployment • Provide guidance and insight, as well as follow directives as necessary to complete accelerated deployment of the SIEMs • Capable and willing to integrate multiple security control production into the SIEMs platform • Appropriately inform and advise management on incidents and incident prevention • Encourages and implements continuous improvement measures on day-to-day basis • Leverages extensive knowledge of communications in a manner that provides business value to the IT Organization • Required to identify, assess, and resolve complex issues/problems within own area of responsibility • Provide Incident remediation and prevention documentation • Document and conform to processes related to security monitoring • Participate in knowledge sharing with other analysts and develop solutions efficiently • Coordinate or participate in individual or team projects • Write technical articles for internal knowledge base • Provide performance metrics as necessary • Develop and optimize technical processes and coordinate procedure documentation. Professional & Technical Skills: • Must have working experience in Google Chronicle SIEM/SOAR as SME. • At least 8+ years of experience in Information Security, Risk Management, Infrastructure Security and Compliance • Security device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.) • Hands on experience in supporting AWS and Azure Assets, especially supporting Splunk deployment in AWS/Splunk ES as a service • Experience in deploying different type of forwarders and Apps • Deep knowledge in AWS services and serverless architecture • Expertise in UNIX, Linux, and Windows - able to tear down and rebuild a host system • Experience with Database installation and configuration is required and Oracle experience is a plus • Exploit and detection analysis skills, including ability to analyze logs for useful information and patterns • Install, configure, tune, and maintain the Splunk SIEM components • Primarily focus on content creation regarding advanced threat analysis (rules, variables, trending, watch lists, etc) of incoming data and for self-monitoring of the solution itself. • Perform supporting tasks such as system hardening, high availability configurations, and developing backup strategies. • Assist with the creation of detailed deployments plans, architectural drawings and operation manuals. • Assist with event source auditing configurations, integration with various security platforms, network devices, and systems • Expert in development of Regular Expression (REGEX) • Good understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics and Monitoring. • Good understanding and experiences with Infrastructure Security, Risk assessment and Security Information and Event Management. • A solid understanding of frameworks such as ISO 27001/27002, COBIT, and other relevant compliance such PCI, HIPAA, SOX, FISMA, and others those are required for Security Information and Event Management. • Experience working in a diversified, virtual environment. • Administrational tool development and maintenance. • Desirable to have some certifications such as CISSP, ITIL, CISA, CISM and GIAC-GCIA • Desirable to have some advanced Certification from SIEM vendor on products such as HP ArcSight or RSA envision. Additional Information: • Bachelor’s and above degree in Computer Science, Information & Technology, MIS, Engineering.