Experienced Jobs Vacancy – SIEM Engineer Job Openings at Qualys

Requisite Qualifications for SIEM Engineer Job Openings at Qualys:

• 1–3 years of experience in cybersecurity on writing security use-cases
• Leverage various technologies in a very high paced team including: Sigma, Yara, ElasticSearch, Git and Python.
• Experience with SOAR tools
• Detailed understanding of security architecture principals and best practices.
• In-depth understanding of Windows operating systems administration
• In-depth understanding of networking or network administration
• Previous experience conducting adversary emulation
• Previous experience using cyber intelligence analysis or threat intelligence reports
• Knowledge or application of the MITRE ATT&CK Framework
• Basic experience with anomaly detection based on security systems
• Experience using an IDS eg., Snort
• Basic command of Linux systems administration and working with BASH
• Hands on experience configuring Windows or Linux system logging
• Basic understanding of networking including TCP/IP
• Wxperience with network monitoring and packet analysis tools
• Basic understanding of HTTP, SSL/TLS, SOAP, and reverse proxies
• Understanding of the OWASP Top 10
• Basic knowledge of threat vectors against the Windows or Linux platform

The responsibilities include:

• Comprehensive knowledge in defining alert logic and write security use-cases with a focus on threat detection and incident response.
• Continuously evaluate and improve the performance and efficacy of the SIEM by tuning existing rules and integrating new data sources.
• Participate in regular incident postmortem exercises, with a focus on deficiencies requiring additional attention.
• Expertise with SIEM systems and security log analysis and event correlation.
• Detailed technical experience with Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), attack methodologies and traffic flows for threats and vulnerabilities.
• Contribute expertise in the following areas: threat hunting, red/blue team engagements, threat intelligence, data analysis, risk management, governance to a global team.
• Leverage Risk Based Analytics to prioritize and manage security events based on risk scores to enhance effectiveness and accuracy of threat detection and response.
• Threat research and threat hunting to identify emerging tactics, techniques, and procedures (TTPs) to build detection requirements using an intelligence driven approach
• Partner with the security engineering team to mature monitoring and response capabilities.
• Design automated workflows, develop automated security response playbooks and integrate security technologies with SOAR platforms.
• Own the development and operation of automation and orchestration tools to reduce manual tasks.
• Stay ahead of, and remain knowledgeable about, new threats and tactics. Analyze attacker tactics, techniques, and procedures (TTPs) from security events across a large network of devices and end-user systems.
• Provide security guidance on existing and emerging cyber security threats.
• Knowledge of Cloud platforms (AWS, Azure, GCP,OCI)