Job description / Role
At DarkMatter, we are building an organization of specialists to provide the ultimate integrated cyber security protection available. Whatever the scope, scale or sensitivity of our clients' work, we will assess their risks, resolve their vulnerabilities and always keep them ahead of the threat, offering them the best possible products and solutions.
As a SIEM Engineer, you will:
The SIEM Engineer is a L2 support personnel for the entire SIEM platform. Be responsible for all Splunk platform stability related activities to include on-boarding logs. Provide hand over to the content developer once the logs are on-boarded and are parsing properly. SIEM Engineers responsibilities include:
- Configure and administer the SIEM to support the needs of SOC.
- Provide first level technical support for SIEM tool.
- Responsible for maintaining the health of the SIEM tool and ensuring 99.96% uptime of the platform.
- Perform regular patching and version upgrades on the SIEM platform.
- Create necessary dashboards in SIEM to enable the SOC security monitoring.
- Perform SIEM software patching activities.
- Configure forwarders and develop TAs (if needed) to integrate various log sources with SIEM platform for log monitoring.
- Coordinate or perform the scheduled backups and restore activities as per the backup policy.
- Maintain the log baselines as per the requirements given in the log management policies and compliance requirements.
- Manage faults; coordinate with principal vendor for resolution.
- Ensure Health and Maintenance of DR platform.
- Ensure real time data and Configuration replication between Primary and DR sites.
- In case of Primary site failure, ensure platform availability in DR site within defined SLAs.
- Ensure health and availability of all Heavy Forwarders deployed at client site.
- Maintain separate asset inventories for all log sources being on-boarded for all individual clients.
- Maintain proper documentation for the entire SIEM platform.
To bring your dream to life, you'll need:
- 6+ years of hands on experience in Information Security domain.
- 2+ years of experience in IT/OT SOC environments.
- Must be currently working in a Security Operations Environment, preferably in a power plant environment.
- Experience working with ICS best practices and frameworks such as: ISA-99/IEC-62443, NERC CIP, NIST SP 800-82, etc.
- Experience working with security practices, operations and maintenance, and technologies within ICS/SCADA environments.
- Experience working with industrial protocols such as OPC. Modbus TCP, HART, etc.
Working in Abu Dhabi
At DarkMatter, we're turning our biggest ideas into reality in the fastest moving and most dynamic city on the planet. Working here, you'll lead technical innovation in the region while taking advantage of all Abu Dhabi has to offer. From first class healthcare and education, to superior living accommodations and cultural attractions, you'll find your ideal career and more in this global crossroads. The UAE is one of the safest and most secure areas in the world. And with its location between Europe, Africa and Asia, you'll expand your worldview in just a short flight. But you won't have to venture far from the city to experience its diversity. You'll find people of over 50 nationalities working in the DarkMatter Group. Join us and see that while far away from the concrete tech jungle, Abu Dhabi is an oasis where your latest innovations will thrive and grow.
About the Company
DarkMatter is transforming the cyber security landscape. Headquartered in the UAE and operating globally, we're the region's first and only fully integrated digital defence and cyber security consultancy and implementation firm. Our elite team of global experts deliver advanced, next-generation solutions to governments and enterprises across the cyber security spectrum.
We help clients simplify the enormous complexity of today's ever-evolving cyber threats. Our vision is to protect the future by securing its technologies. Innovation and Research are cornerstones to our development and the activities in these areas underpin our entire range of offerings, including Secure Communications, Public Key Infrastructure and Big Data & Analytics products.