LogRhythm Administrator

Job description :

Must Have Skills : SOC, SIEM, Security operations, Logrhythm,LRPA/LRCA Certification

Job Responsibilities :

- Administered LogRhythm SIEM, executing essential administrative tasks to ensure optimal SIEM performance and functionality

- Hands on experience in LogRythm web and Client Consoles. Alarms, reports, Log Sources on boarding, AIE rule creations, Updating KB Articles, Fine tuning Alarms.

- Hands on experience on ArcSight ESM > creating Active channels, Dashboards, reports and monitoring connectors Health status in ArcMc. Good understanding on ELK tool.

- Worked on ticketing tools like BMC, Jira, SMAX, OTRS and servicenow.

- Good knowledge of event analysis and use cases fine-tuning on any SIEM tools.

- Endpoint security (FireEye HX, EDR, XDR and Sentinel).

- Hands on experience McAfee EPO and PAM ARCON.

- Hands on experience on Email security (FireEye EX, Iron Port and O365 defender).

- Good knowledge on html, CSS and basics of Python.

- Worked on migration of ArcSight SIEM to LogRythm SIEM.

- Devices integration such as windows, Linux, security devices, switches, routers into LogRythm.

- Working on developing the use case as per requirements. Preparing daily health checks of LR instances. Worked on WAF observations and suspicious traffic on WAF.

- Maintaining all integrated devices into KRI data and creating reports, dashboards and correlations.

- Whitelisting false positive instances and updating alarm rules and maintaining documentation.

- SIEM data archiving, archived data validation and Updating/ adding threat feed with latest IOCs.

- Using basic Linux commands for process management, User permission configuration.

- Active participant in regular SOC Cyberdrills and CTF for the attacks.

- Identifying gaps in all logs and checking with respective teams for enrichment to reduce noise in logs.

- Preparing integrated devices reports and performing regular checks of logs receiving status.