Lenovo

Experience & Skills:

• Education: Bachelor’s degree or equivalent in technology is preferred.
• Experience: Minimum of 8+ years of relevant experience in IT Infrastructure Support – SIEM tools preferably with multiple client’s landscape and technology landscapes (Windows Server, Unix, Linux).
• Strong knowledge of Security Operations Center (SOC).
• Previous experience in design and implementation of SIEM (Splunk, QRadar, ArcSight etc.) solutions.
• Required Experience in administrating or monitoring detection/security tools: SIEM, EDR, Endpoint Protection, IPS/IDS, DLP, Cloud Security (GCP. AWS, Azure), Identity and Access Management, Firewalls and Networking
• Strong knowledge of troubleshooting, client relations, and cybersecurity principles. Ability to implement a plan to address and mitigate security vulnerabilities.
• Excellent experience in threat intelligence, network forensics.
• Experience on variety of other security devices found in a SOC environment.
• Experienced in supporting for large/medium Manage Services accounts.
• Strong knowledge in firewalls, ID/IPS, AV/EDR, Proxy, DNS, email, AD, etc.
• Solid understanding in Log formats of various security devices like Proxy, Firewall, IDS/IPS DNS,
• Strong Understanding of network architecture.
• Solid understanding of current trends in attacker and threat actor tools, techniques, and procedures (TTP) and mitigation steps
• Core understanding of possible attacks activities such as network probing/scanning, DDOS, etc.
• Relevant expert level technical certifications (Security+, CEH, CISSP, CISM, etc.)
• Strong problem-solving and analytical skills, initiative, eagerness to learn, improve, and ability to work independently within a team structure
• Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously
• Good understanding of ITIL (Information Technology Infrastructure Library) principles
• Excellent command over verbal & written English Language
• Experience with various service delivery technical tools
• Good Communication and presentation skills
• Persistent, detail oriented, able to multitask
• Ability to work for large organization in a complex and heterogeneous IT environment
• Ability to work across Geographies and multi-cultural environments.
• Experience in working with both physical and virtual teams

Job Deliverables:

• L3 level Investigate triaged events and incidents using SIEM technologies.
• Support and lead security incident response in a cross-functional collaboration environment driving towards incident resolution
• Acknowledge, analyze, and validate incidents triggered from correlated events through various SIEM tools used in SOC operation.
• Handle Technical escalations & crisis Management.
• Lead technical transition of Cyber security technologies for new FMS customers.
• Prepare / approve the technical SOPs for SIEM tools for managed services and implementation services.
• Escalating and getting solution from OEM Support Team.
• Design, Implementation and troubleshooting of SIEM solutions.
• Assist pre-sales with SIEM sizing, Architecture, RFPs and client technical meetings.
• Deploy and configure the SIEM platform as per Vendor guidelines and industry Best Practices.

• SIEM tool migration - (Platform Migration / DB to DB Migration).
• SIEM tool upgrade & patching.
• Task Automation using Scripts.
• Plan and lead activities from pre to post. Create POA with all required details.
• Design, implementation & Troubleshooting of SIEM tool & Database Backup and restore - (Using native tools & Backup solutions).
• SIEM tool auditing & Performance tuning.
• Responsible to mentor the L1/L2 team to build an appropriate support capability in line with the service offerings and customer technology landscape.
• Keeping up to date with technology trends and developments.
• Work closely with service delivery team and ensure the agreed KPIs with customers are met.
• Prepare the RCAs and technical analysis on time for all P1 tickets, critical issues and on need basis.
• Provide feedback on necessary improvements and process re-engineering to Technical Domain Leads.
• Identifying risks and forming contingency plans as soon as possible.
• Providing accurate and regular reports to the management on performance of the Domain Engineers
• Provides technical feedback to L2/L1 to improve individual performance and overall service delivery.
• Always ensure customer satisfaction