Cyber Defense Engineer - Security Information and Event Management (SIEM)
DXC Technology (Philippines)
Workplace: Metro Manila, Manila
Salary: Agreement
Work form: Full time, permanent
Posting Date: 26/12/2025
Deadline: 25/03/2022
The Cyber Defense Engineer - Security Information and Event Management (SIEM) is an integral part of the Cyber Defense Leveraged SOC Team, managing and responding to validated security incidents, both technical and non-technical, with the objective of keeping impact within acceptable levels.
Job specifics/responsibilities:
· Subject matter expert for onboarding SIEM components for new MSS (Managed Security Services) clients.
· Manage appliance or virtual appliance OS and SIEM software.
· Create innovative solutions to automate and reduce timeframes for operational changes as well as initial installation of the platform.
· Create rules for compliance and audit requirements and create and manage Watch Lists for current threats.
· Configure backups, verify custom reports, manage log source groups, and validate log sources with client.
· Review and apply any newly available and applicable SIEM and/or appliance/virtual appliance software or policy updates monthly.
· Perform formal Health Check and administrative password change.
· Perform formal Architectural Review.
· Create custom rules/rule modifications and custom reports/ report modifications as needed.
· Manage SIEM user accounts (create, delete, modify, etc.).
· Add/remove log sources. Troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.
· Manage product enhancement / feature requests with vendors as needed.
· Perform software upgrades, updates and patches as needed.
· Create client-specific Watch Lists if necessary.
· Perform technical account management duties for specific top-tier, strategic clients.
· Responsible for major SIEM client environmental changes including upgrades.
· Create custom documentation for internal and external needs.
· Responsible for mentoring and training of SIEM Engineers as well as Security Resources in the area of expertise.
· Attend vendor-specific meetings and conferences for business and professional development.
· Responsible for testing and configuring new products and technologies.
· Assist with designing and documenting work processes within the SOC which includes automation of tasks. Design and implement automation when possible.
· Supports productization initiatives by staying up to date with market-driven technologies and processes that relate to information security.
Key deliverables/accountabilities:
Ongoing support activities to be performed according to SLAs and defined timelines
Tasks to be performed with the highest quality and according to predefined timelines
Working relationships:
Internal:
Other Internal Support Teams
Shift Managers
Client Capability Leads
Technical Owners
Account Support Team members
Technology Delivery Managers
Service Delivery Managers
Team Technology Leads
Account Security Officers
External:
· Client Security Teams
· DXC Partners and service providers
Education (degree) and professional experience required:
Degree/Diploma in Computer Science, Computer Engineering, Electrical Engineering, Management Information Systems, or equivalent professional certifications that demonstrate security and technical competencies, e.g. Google Cloud Security Engineer, AWS Certified Security Specialty, Microsoft Certified Expert.
Minimum of 2 years' experience or combined experience within IT Operations, Security Services, Infrastructure services support (Systems NT, UX, Backups, DBs, IT Security or Network management), operations monitoring and end user support.
Minimum of 3 years' hands-on technical knowledge of the applicable technology platform that you will be responsible for, e.g. Splunk, ArcSight, Vigilance, etc.
Qualified to degree level or equivalent experience
Professional certifications in Information Security
Proven track record in incident management and problem solving with experience of creating and managing operational processes
Project Management/Service Management qualifications
Due to the nature of some of our clients, a current security clearance is preferable.
Other requirements:
Fluent in English language
Personal skills and qualities:
· A self-motivated individual with a flexible approach to working
· Experience of working as an Incident Manager, or as a member of an Information Security Response Team
· Experience working as SIEM Engineer (Splunk, ArcSight, Vigilance etc.)
· Understanding of incident handling skills - techniques, decision points and supporting tools
· Ability to manage complex situations which could potentially impact the customer business both operationally and financially
· Ability to remain calm and focused in high pressure situations identifying business resources essential to recovery
· Ability to resolve customer issues with a virtual team who may work in different departments across the global organization
· Excellent interpersonal skills with the ability to interpret and explain technical problems to non-technical business stakeholders at all levels
· Demonstrable experience of post incident review practices
· Develop and maintain a strong relationship and trust with the Client Security Teams
· Foundation technical skills - basic understanding of underlying technologies
· Strong verbal and written communication skills with experience of writing and presenting reports for audiences at all levels, especially senior management
Technical skills:
Good knowledge of Network / System Administration.
Good understanding of the OSI model and layered security
Knowledge of types and sources of tools and equipment required to adequately equip Incident Response Teams
Good understanding of Cloud infrastructure concepts, e.g. IaaS, PaaS, SaaS
An active interest in Internet Security, incident detection, network and systems security