Job description / Role
The following are the duties the employee can expect, but not limited to:
• Implement Securonix and other SIEM solutions
• Perform on-boarding of new clients
• Perform data ingestion from different log sources into the SIEM solution
• Troubleshoot and resolve data ingestion issues
• Perform data quality check on ingested data
• Troubleshoot and resolve data quality issues in the Securonix SIEM solution
• Manage SIEM backend infrastructure
• Develop content for Securonix Snypr platform for SIEM and UEBA modules
• Develop cyber threat models that can be utilized in the SIEM solution for threat detection based on inputs from the SOC team
• Manage day to day SIEM operational tasks
• Troubleshoot and resolve SIEM infrastructure related issues
• Document SIEM implementation and deployment
• Create SIEM and SOC related operational documentation
• Integrate and share information with other analysts and other teams
• Provide threat and vulnerability analysis as well as security advisory services
• Perform regular health checks on SIEM infrastructure and data collection nodes
• Implement various security solutions as and when required
• Manage interactions with internal and external clients
• Support the SOC team and client in the incident response process
• Analyze and respond to previously undisclosed software and hardware vulnerabilities
• Perform root cause analysis, document findings and collaborate with technology/process owners to prevent future occurrences
• Participate in the documentation process to ensure accuracy of documentation critical to the team’s success
• Assist with the development of new content and tuning existing content for SIEM, IDS, and other security technologies
• Interact with other IT personnel, sometimes of different nationalities.
OMR 2,500 to 3,000 per month inclusive of fixed allowances.
Senior Security Engineer – Deployment and Content Development for Securonix (Next Generation SIEM Solution & UEBA)
• Hands-on deployment of Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA) solutions
• At least 5+ years experience working in deploying and managing SIEM solutions like Securonix, Exabeam, Splunk, LogRhythm, AlienVault, ArcSight, QRadar and Nitro ESM
• At least 3+ years experience working in the field of Content development and worked for delivering and/or building content on Securonix, Splunk, AlienVault, ArcSight, QRadar, Nitro ESM
• Experience in developing custom parsers
• Solid networking fundamentals
• Solid experience with Linux/Unix operating environments (configuration and troubleshooting)
• Strong analytical skills to understand data and come up with use cases to enhance detection
• Strong understanding with information security technologies such as Firewall, VPN, Intrusion detection tools, Malware tools, Authentication tools, endpoint technologies, and cloud security tools
• Strong understanding of APT kill chain frameworks like MITRE, Lockheed Martin etc.
• Experience in Cyber Security technologies and concepts such as insider threat, malware, lateral movement, beaconing, ransomware, data theft, fraud
• Experience working with regular expressions and understanding of YARA rules
• Strong programming background with advanced skills in Java, MySQL, Hadoop is preferred.
• Experience in coding using Core Java and related technologies, scripting languages like Bash, Python etc.
• Experience in working with Hadoop/Relational databases/SQL queries.
• Proven skills in technical writing, verbal communications, consulting, and problem solving in a rapidly changing technical environment
• Proven experience being team-oriented and self-motivated, with a keen attention
to detail and the ability to work independently
• Ability to effectively communicate and work with individuals from diverse backgrounds or cultures.
• Good understanding of Incident Management and Response
• Experience in security device management and SIEM
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Experience in threat management
• Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix
• Knowledge of applications, databases, middleware to address security threats against the same.
• Excellent communication skills
• Ability to handle high pressure situations with key stakeholders
• Good Analytical skills, Problem solving and Interpersonal skills
• Working knowledge and experience with MS office with proficiency in Excel and PowerPoint
About the Company
National Security Services Group (NSSG) is a cyber security firm located in the Sultanate of Oman.
NSSG is designed to assist the private and government sectors determine their in-depth threats and provide solutions in coordination with our partners, which alleviates and reduces the risk in the every growing world today.
NSSG seeks only the best and most qualified personnel to lead companies and governments alike, into the future.