Security Information & Event Management (SIEM) Engineer - Developer

Full-Time (Permanent)
Location: Shah Alam

Job Responsibilities

  • Setting up security monitoring tools to receive raw security-relevant data (e.g. login/logoff events, persistent outbound data transfers, firewall allows/denies, etc.). This includes making sure critical cloud and on-premises infrastructure (firewall, database server, file server, domain controller, DNS, email, web, Active Directory, etc.) is sending logs to the log management, log analytics, or SIEM tool.

  • Using these tools to find suspicious or malicious activity by analysing alerts; investigating indicators of compromise (IOCs such as file hashes, IP addresses, domains, etc.); reviewing and editing event correlation rules; performing triage on these alerts by determining their criticality and scope of impact; evaluating attribution and adversary details; sharing findings with the threat intelligence SMEs; etc.

  • Identifying capabilities and quality of these feeds and recommending improvements.

  • Researching and developing new threat detection use cases based on threat research findings, threat intelligence, analyst feedback and available log data.

  • Performing activities within the content life cycle, including creating new parsers/connectors and use cases; testing, tuning, and removing content; and maintaining associated documentation.

  • Creating specifications that junior content engineers can leverage as use case requirements.

  • Working with the other security functions and product SMEs to identify gaps within the existing analytical capabilities.

  • Developing custom scripts as required to augment default SIEM functionality.

  • Participating in root cause analysis on security incidents and providing recommendations for containment and remediation.

  • Acting as the liaison to business units to fulfil audit, regulatory compliance, and corporate security policy requirements.

  • Creating, implementing, and maintaining novel analytic methods and techniques for incident detection.


Requirements

  • Bachelor’s Degree in Computer Science/Information Security or similar discipline is preferred.

  • Experience in SIEM content development (Elastic, ArcSight, Splunk, QRadar, McAfee ESM, or similar SIEM platform).

  • Understanding of various log formats and source data for SIEM Analysis.

  • Minimum 5 years of information security experience, preferably engineering or development.

  • 3 years' experience supporting a SIEM platform in a content development role.

  • 2 years' experience performing SOC analysis and/or incident response.

  • Prior Senior-level experience in SIEM content development (Elastic, ArcSight, Splunk, QRadar, McAfee ESM, or similar SIEM platform).

  • Ability to communicate effectively with anyone, from end users to senior leadership, facilitating both technical and non-technical communication.

  • Strong incident handling/incident response/security analytics skills.

  • Deep understanding of technical concepts including networking and various cyber-attacks.

  • Solid background with Windows and Linux platforms (security or system administration).

Personal Attributes

  • Willing to travel for customer support-related assignments.

  • Motivated, independent team player, able to build and maintain good relationships with customers.

  • Fluent in oral and written English.

  • Possess good presentation skills.