SIEM Analyst

We are seeking a highly skilled and experienced SIEM Analyst to join our team. The ideal candidate will have a minimum of five years of overall IT or cybersecurity experience, including at least three years of working knowledge in Government Community Cloud High (GCC-H)/GCC environments. This role involves managing and optimizing Security Information and Event Management (SIEM) systems, with a focus on Microsoft Sentinel, log management, threat intelligence, and incident handling. The SIEM Analyst will play a critical role in ensuring the security and efficiency of our clients' environments through proactive monitoring, analysis, and continuous improvement.

Roles and Responsibilities:

  1. Log Management:
    • Reviewing the ingestion and normalization of logs to ensure accuracy and completeness.
    • Ingesting and analyzing all common log formats.
    • Consulting on log storage methods, pricing tiers, and cost management recommendations.
  2. Microsoft Sentinel Management:
    • Managing Microsoft Sentinel with regularly updated baselines.
    • Continuously deploying updated rules to enhance security monitoring.
  3. Threat Intelligence:
    • Disseminating threat intelligence to key employees.
    • Sharing hardening recommendations and updating baselines based on lessons learned across the client base.
  4. Staff Support:
    • Providing educational development by leveraging Microsoft partnerships and team expertise to conduct workshops and training on Azure and M365 Cloud Services.
  5. Continuous Improvement:
    • Reviewing architecture to identify gaps in cybersecurity solutions.
    • Driving efficiencies in logging and log storage processes.
  6. Program Management Support:
    • Participating in recurring operational touchpoints.
    • Conducting quarterly executive management reviews to provide updates and insights.
  7. Automated Response:
    • Utilizing expert systems to enhance security investigations by integrating and analyzing external and internal data sources.
    • Automating investigation workflows to reduce manual effort and accelerate incident response times.
  8. 24x7x365 Monitoring of Security Events:
    • Providing advanced endpoint detection and response (EDR) threat detection and response services for desktops, servers, and firewalls.
    • Monitoring and managing security alarms for firewalls, network devices, and Active Directory user behavior.
    • Monitoring Microsoft Sentinel instances and analyzing syslog and Common Event Format (CEF) data.
    • Developing custom alerting capabilities based on business requirements.
  9. Incident Handling Support:
    • Supporting incident management for the Security Operations Center (SOC).
    • Conducting recurring operational reviews with the designated SOC Lead.
    • Providing recommended best practices for responding to security events.

Required Qualifications:
  • Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent work experience may be considered in lieu of a degree.
  • Minimum of five (5) years of overall IT or cybersecurity experience.
  • At least three (3) years of hands-on experience in Government Community Cloud High (GCC-H)/GCC environments.
  • Knowledge, skills, and abilities to operate, maintain, and upgrade two or more of the following tools: Microsoft Sentinel, Microsoft Azure, Microsoft DfE, Xacta 360/IO, Zscaler, FedRAMP, Cloudflare, NetWitness, Tenable IO, Nexpose, Armis, Trellix HX/CM, and ServiceNow.
  • Strong analytical, problem-solving, and communication skills.
  • Ability to pass a Public Trust background check prior to onboarding.