Job Description

The role of the SIEM Administrator will be to work closely with our security team to develop and deliver solutions to gain visibility of security events within our environment. Build new or develop existing event correlation, reporting and remediation capabilities based on advanced monitoring use cases, external threat intelligence, and known traffic patterns. Regularly review Audit Logs to recognize both normal and abnormal activity.

Responsibilities:

• Develop and enhance security policies, processes, procedures and technical controls to strengthen security capabilities and resilience to cyber threats
• Take a proactive role in identifying security risks, mitigations and opportunities to strengthen resilience to cyber-attacks and security incidents
• Participate in the design and implementation of systems and applications to ensure that proposed solutions comply with the company’s IT Security policies
• Assist with security incident management and response activities
• Interact with the IT team to provide and share technical issue resolution knowledge and deployment/adoption processes best practices
• Provide analysis of information security risk and issues of non-compliance
• Manage, maintain, optimize and tune the Microsoft Sentinel SIEM solution, ensuring all key systems send activity information to the SIEM solution and that the solution recognises and differentiates between both normal and abnormal system activites
• Investigate unusual behavior highlighted by SIEM, reporting potential threats or malicious activity and support security incident response efforts as required
• Develop dashboards and reports for monitoring of real-time log data, that clearly report on and highlight critical events
• Provide internal training, support and knowledge transfer to other Information Security team members, to enable efficient management of SIEM related processes

Required Knowledge, Skills, and Abilities

Experience and good understanding of Microsoft technologies including: Azure Active Directory, Windows Server, and M365. An in depth knowledge of the Microsoft Sentinel SIEM solution and configuration best practice and use. Use of advanced security assessment tools. Basic understanding of firewall and intrusion detection system administration. Basic understanding of TCP/IP. Ability to tune and harden various operating systems. Ability to use security systems to correlate and respond to security alerts and events. SIEM administration, log investigation, analysis and reporting. Common exploitation tools, tactics and procedures. Persistent attacks, detection methods and how malicious software persists on compromised systems. Security incident response procedures and best practices. We believe this is an excellent opportunity for candidates who have a strong understanding of IT security with experience of working in a fast-paced environment.