Security Information
4 weeks ago
**Why Kyndryl**

**Your Role and Responsibilities**

Primary functions include governance, oversight, and leadership for operational security activities, change requests, tuning and SLA/Service Quality metrics. Security Specialists assist in finding the proper balance between enabling and securing in relation to the client's organization, culture and ecosystem. Typical examples of the deliverables include asset classification models, risk analysis reports, information security policies, security solution scenarios, implementation plans, organization models, procedures, security services, security effectiveness evaluation reports and security awareness workshops. In this role specialty, the Security Specialist has expertise in the Security Incident & Event Management (SIEM) Security products.

**Responsibilities**

- Configure and administer the SIEM to support the needs of the SOC.
- Provide second-level technical support for the SIEM tool.
- Responsible for maintaining the health of the SIEM tool and ensuring the agreed uptime of the respective platform.
- Perform regular patching and version upgrades on the SIEM platform.
- Configure respective parsers and forwarders (engage principal vendors if needed) to integrate various log sources with the SIEM platform for log monitoring.
- Coordinate or perform the scheduled backups and restore activities as per the backup policy.
- Maintain the log baselines as per the requirements given in the log management policies and compliance requirements where applicable.
- Manage faults, coordinate with principal vendor for resolution.
- Ensure health and maintenance of the DR platform, if any.
- Ensure real-time data and configuration replication between Primary and DR sites.
- In case of Primary site failure, ensure platform availability in the DR site within defined SLAs.
- Maintain separate asset inventories for all log sources being on-boarded for all individual clients.
- Maintain proper documentation for the entire SIEM platform.
- Working across multiple accounts, you'll be the Subject Matter Expert for the respective SIEM, providing technical advice and guidance to SOC staff, Third Lines, System Architects, Project Managers and other teams.
- Developing strong relationships across the organization, with external strategic support partners and 3rd party vendors who provide tooling support. This ensures the safety of both on-prem data and systems, hosted and supported in other geographical locations. Knowledge and experience of SaaS, PaaS and IaaS solutions is desirable.
- Responsibility for the on-going management and in-service configuration changes of multiple SIEM solutions in a 24/7 environment with an on-call requirement.
- Troubleshoot, diagnose, report and resolve issues which may arise with several tools used to deliver our services (including other SIEM tooling).
- Support the SOC Analysts in the use of the toolset and with investigations to establish the facts surrounding potential suspicious activities and to understand the impact and possible risks associated.
- Creation, amendment, tuning and supporting the engineering of advanced or complex protective monitoring use cases.
- Provide security consultancy to other internal teams for matters relating to the SIEM.
- Support bid teams with their customer engagement by providing knowledge of the SIEM/SOC operations.
- Creation of custom parsing RegEx for on-boarding new log sources.
- Troubleshooting complex issues that may occur within the SIEM and resolving them with the help of vendor support.
- Build and drive SIEM business, providing specialist advice and consultancy across the business and as part of sales engagement with external and internal customers.
- Serve as an SME for the Asia region and coordinate the SIEM activities.
- Articulate the business benefits of SIEM to business/technical customers as appropriate.
- Advise clients of security standards, best practice and solutions relating to SIEM and SOC solutions.
- Lead the SIEM architecture and design of major projects for clients, as well as partner within the wider practice to support SOC design and implementation.
- Has SIEM industry awareness including market leaders and key business drivers.

**Required Technical and Professional Expertise**

- Advanced knowledge and experience of Cyber Security and evidence of working as a SIEM Engineer with previous experience in software, including architectural design, configuring, operating, and problem-solving activities
- 3+ years of experience in SOC operation or incident response
- As a senior member of the team, you will be accountable for the technical elements of complex work packages, working closely with customers and internal stakeholders to deliver comprehensive SIEM Management and support
- A good understanding of implementing use cases and operational models or specific security solutions to meet the customer’s requirement and understanding of how SIEM solution
- Support SOCs
- Provide a Technical Escalation
-
Information Security Engineer
3 weeks ago
Ciudad de México Bishop Fox Full-time
Given our exceptional growth, we are expanding and hiring an Information Security Engineer to join us on this exciting journey. This position will be responsible for helping to control information security risks by managing threat/vulnerability management systems and other security technologies to mitigate risks.
**Responsibilities**:
- Monitor systems for...
-
Information Security II
3 weeks ago
Ciudad de México CompuCom Systems, Inc. Full-time
Why CompuCom? (Overview): The role of the Information Security Specialist is to be a part of the security team that safeguards the enterprise infrastructure and information across organizational holdings domestically and internationally. The position scope involves implementation, maintenance and configuration of key enterprise security initiatives. Specific...
-
Information Security Analyst
2 weeks ago
Ciudad de México OperationsArmy Full-time
**Information Security Analyst (Sales Enablement Focus)**: **Fully Remote | Full-Time**
**Schedule**: Monday - Friday, 11:00 AM - 7:00 PM EST
**About the Role**: We're looking for an **Information Security Analyst** with a **Sales Enablement focus** to drive our customer trust efforts by owning security questionnaires, RFPs, and related documentation. This...
-
Information Security Specialist
3 days ago
Ciudad de México Klar Technologies GmbH Full-time
What does KLAR do? Klar is working hard to bring digital banking to everyone in Mexico. What is so special about digital banking? Traditional banks have overhead costs per customer that make it unprofitable for them to serve people with smaller deposits or who live in remote areas. By bringing down the cost of banking, Klar is working towards making it...
-
Analyst - Information Security
4 weeks ago
Ciudad de México Citi Full-time
The Information Security Ops (ISO) Intermediate Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security...
-
Information Security II
5 days ago
Ciudad de México CompuCom Systems, Inc. Full-time
Why CompuCom? (Overview): The role of the Information Security II is to be a part of the security team that safeguards the enterprise infrastructure and information across organizational holdings domestically and internationally. The position scope involves implementation, maintenance and configuration of key enterprise security initiatives. Specific initiatives...
-
Information Security II-1
3 weeks ago
Ciudad de México CompuCom Systems, Inc. Full-time
Why CompuCom? (Overview): The role of the Information Security II is to be a part of the security team that safeguards the enterprise infrastructure and information across organizational holdings domestically and internationally. The position scope involves implementation, maintenance and configuration of key enterprise security initiatives. Specific initiatives...
-
Information Security Tpisa Analyst
2 weeks ago
Ciudad de México Citi Full-time
The Info Sec Prof Senior Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.
**Responsibilities**:
-...
-
Information Security Tpisa Analyst
2 weeks ago
Ciudad de México Citi Full-time
The Info Sec Prof Senior Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security...