Senior Platform Specialist

Contract: Toronto, Ontario, CA

Salary: 90.00 Per Hour

Job Code: 348738

End Date: 2024-04-23

Job Status: Expired

This Job is no longer accepting applications

Description:

Roles & Responsibilities:

  • The Senior Security Platform Specialist is a senior member of the Threat Management team responsible for operating and maintaining the Security Information and Event Management (SIEM) platform, including ingesting logs from various log sources and developing and tuning use cases.

Mandatory:

  • The candidate must have hands-on experience in security platform engineering, including the design, configuration, deployment and operationalization of the Microsoft Sentinel Security Information and Event Management (SIEM) platform.

Key Capabilities & Responsibilities:

  • Lead the log onboarding and integration process for Microsoft Sentinel, ensuring successful integration of various log sources onto the SIEM, including the development of custom use cases where required.
  • Maintain and administer security monitoring and alerting systems and processes, ensuring ongoing visibility into the security of environments.
  • Continuously improve the efficiency of threat detection, alerting and response through use case development, tuning and automation.
  • Configure and monitor the Security Information and Event Management (SIEM) platform for security alerts. Integrate and work with the firm's Managed Security Services Provider (MSSP) services.
  • Utilize scripting languages, including PowerShell, Python, and KQL, to automate tasks and enhance system functionality.
  • Develop advanced Sentinel queries and workbooks, including Logic App and Function App development.
  • Create and maintain system documentation for security event processing.
  • Expand the usage of security monitoring tools to improve the security of the environment based on business use cases, changes in the threat landscape, root causes from security incident response, or output from security analytics.
  • Assist in the incident response process to contain, remediate, and recover from security incidents.
  • Make full use of security tools to continuously improve the detection, prevention, and analysis of security incidents.
  • Maintain, administer, and integrate threat detection and remediation capabilities into security operations to address emergent cyber threats to products, services, data, and infrastructure.
  • Maintain and administer the day-to-day activities of the Microsoft Sentinel Security Information and Event Management (SIEM) platform, including:
      • SIEM platform operations
      • Log integration
      • Use cases
      • Use case tuning
      • Logging and monitoring
      • Log analysis and correlation
      • Security Orchestration, Automation and Response (SOAR)
      • Runbooks for critical incident types
      • Security monitoring / User and Entity Behavior Analytics (UEBA)
      • Security incident response and remediation
  • Actively analyze external threat sources as leading indicators of attacker activity and contribute to the broader defense sharing network.
  • Partner with Architecture, Engineering and Application Development teams to establish and maintain comprehensive visibility into potential risk events across a large-scale cloud environment.
  • Develop the integration and automation strategy around multiple automation (SOAR) toolsets.
  • Create and maintain operational policies and procedures, including playbooks and runbooks.
  • Partner with the Risk Management team to define Key Risk Indicators and automated dashboards presenting risks and KPIs.
  • Hands-on configuration experience.
  • Manage and maintain the integration of threat intelligence feeds into the SIEM to enhance detection capabilities.
  • Ensure the SIEM platform supports compliance reporting requirements relevant to our industry (e.g., NIST SP 800-53, NIST CSF, CSA CCM).
  • Provide training to other team members and stakeholders on the usage, benefits, and outputs of the SIEM system.
  • Experience with cloud security and integrating cloud logs into the SIEM.
  • Experience with EDR solutions is an asset.


Qualifications & Skills:

  • Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
  • 5+ years of IT experience, with a minimum of 3 years of hands-on experience deploying, configuring, and troubleshooting Microsoft Sentinel and Microsoft Defender.
  • A solid understanding of threat detection and response is critical, including the ability to create, manage, and investigate alerts and an understanding of security threats, anomalies, and breach patterns.
  • Hands-on experience developing use cases in KQL for Microsoft Sentinel.
  • Experience in Azure Function App and/or Logic App development.
  • Strong foundational experience in fundamental cloud technologies and services.
  • Relevant professional certifications in Cloud (AWS, GCP, Azure, e.g. SC-100: Microsoft Cybersecurity Architect) and IT Security (Security+, CISSP, CCSP) are highly desirable.
  • Superior problem-solving and decision-making skills to resolve work issues, with the ability to work under pressure in a dynamic environment.
  • Knowledge of the Financial Services industry is a definite asset.
  • Strong communication (verbal/written) and good interpersonal skills to build relationships with internal and external business partners and vendors.
Job Requirements:
  • Sentinel
  • AWS
  • GCP
  • Microsoft Azure
  • IT Security
  • CISSP
  • CCSP
  • Use Cases
  • MS Sentinel
  • Cybersecurity
Reach Out to a Recruiter:
  • Recruiter: Utkarsh Pandey
  • Email: utkarsh.pandey@collabera.com
  • Phone:

©2024 Collabera. All rights reserved.