TC-CS-CDR-SIEM Content Developer-Detection Engineer-Senior at EY

Hyderabad, Telangana, India -

Full Time

Start Date

Immediate

Expiry Date

22 Jun, 26

Salary

0.0

Posted On

24 Mar, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

SIEM Content Development, OT Security, Data Onboarding, Custom Parsers, CIM Verification, Data Masking, Operational Support, Nozomi, Claroty, Armis, Python, JavaScript, Bash, PowerShell, Consulting, MITRE Attack Framework

Industry

Professional Services

Description

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Senior (CTMDR – Threat Detection & Response) Job Summary: We are seeking a highly skilled and passionate Senior SIEM Specialist with a strong background in Operational Technology (OT) to join our dynamic team. The ideal candidate will have proven expertise in SIEM content development, hands-on experience with OT tools, and a deep understanding of OT environments. Key Capabilities: Design and develop impactful SIEM use cases tailored to OT environments. Onboard data into SIEM from various sources, including custom parsers for unsupported sources. Verification of data of log sources in the SIEM, following the Common Information Model (CIM) Experience in parsing and masking of data prior to ingestion in SIEM Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources Assist client with technical guidance to configure end log sources (in-scope) to be integrated to the SIEM Create advanced visualizations and dashboards to provide near real-time visibility into OT applications. Provide operational support for globally deployed OT network monitoring solutions like Nozomi, Claroty, and Armis. Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, Bash, etc. Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment. Understand customer requirements and recommend best practices for SIEM solutions. Offer consultative advice in security principles and best practices related to SIEM operations Design and document a SIEM solution to meet the customer needs Expertise in SIEM content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems Experience in creating use cases under Cyber kill chain and MITRE attack framework Sound knowledge in configuration of Alerts and Reports. Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement Work with the client SPOC to for correlation rule tuning (as per use case management life cycle), incident classification and prioritization recommendations Qualification & Experience: At least 8 years of overall experience in cybersecurity with a minimum of 4 years in OT/IOT Security solutions. Strong knowledge of IT/OT/IoT communication protocols and experience supporting industrial protocols Strong oral, written and listening skills are an essential component to effective consulting. Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary. Must have knowledge of Vulnerability Management, Windows and Linux basics including installations, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting. Good to have below mentioned experience with designing and implementation of Splunk with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management Multiple cluster deployments & management experience as per Vendor guidelines and industry best practices Troubleshoot Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues Certification in any one of the SIEM Solution such as Splunk, IBM QRadar, Exabeam, Securonix will be an added advantage Certifications in a core security related discipline will be an added advantage. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities

The role involves designing and developing impactful SIEM use cases specifically tailored for Operational Technology (OT) environments, including onboarding data and creating advanced visualizations for near real-time visibility. Responsibilities also include providing operational support for globally deployed OT network monitoring solutions and offering consultative advice on security principles and SIEM best practices.