Csa Siem Admin

Job Title CSA SIEM Admin Sentinel Corporate Title Assistant Vice PresidentLocation Bangalore IndiaRole DescriptionThe COO Chief Information Security Office CISO is responsible for addressing information security risks to the Deutsche Bank global IT as a Security Engineer-AVP you will play a key technical role in our SIEM Operations team within the Global Cyber Security Engineering Architecture organization You will serve as a technical expert for the platform engineering and provide 24x7x365 support for critical security technologies The role primarily entails hands on technical product design build support of multi SIEM platforms Microsoft Sentinel Chronicle Splunk You will be part of a global SIEM Operations Team What well offer youAs part of our flexible scheme here are just some of the benefits that youll enjoy Best in class leave policy Gender neutral parental leaves 100 reimbursement under childcare assistance benefit gender neutral Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs and above Your key responsibilities Configure manage and optimize Microsoft Sentinel for efficient threat detection and response Ensure SIEM infrastructure is running optimally including performance monitoring and issue resolution Regularly update and optimize SIEM policies rules and configurations based on evolving threats Onboard configure and manage data connectors from various log sources including cloud on-premises and hybrid environments Ensure log ingestion health and troubleshoot data collection issues Develop implement and fine-tune analytics rules detection logic and playbooks in Sentinel Assist SOC and incident response teams with log analysis threat correlation and incident investigation Reduce false positives by refining detection rules and optimizing event filtering Implements and maintains Splunk platform infrastructure and configuration Designs and optimizes Splunk platform architecture for large-scale and distributed deployments Good understanding of security frameworks vulnerability management and incident response Implement and enhance automation using Kusto Query Language KQL Logic Apps and Microsoft Defender XDR integrations Maintain SIEM compliance with security policies industry regulations e g GDPR NIST ISO 27001 and best practices Generate reports and dashboards to provide visibility into security posture and SIEM performance Experience managing Linux and Windows agents in a Splunk environment Strong understanding of Splunk system architecture and best practices Work with SOC IT and Cloud Security teams to enhance Sentinel capabilities Document SIEM configurations detection use cases and operational procedures Incident Problem Management Change Release Management Vendor Management Capacity Management functions for the platform Maintain up-to-date knowledge of technology standards industry trends emerging technologies and cyber security best practices Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence Passionate about data to drive information-based security analytics Value add - Person in having experience in Cloud Management Splunk and Chronicle Your skills and experienceThe candidate must have Engineering Background in Computer Science Information Technology Cybersecurity or related field and a minimum of 8 years of experience with recent experience in Security engineering system administration network engineering software engineering development with a focus on Cybersecurity 8 years of IT engineering experience with recent experience in building and managing infrastructure and security platforms 3 years of Experience implementing architecting and administering SIEM platforms like Sentinel Chronicle Splunk for a large global organization Knowledge of Azure services and data ingestion from those services into SIEM Familiarity with MITRE ATT CK cyber threat intelligence and SOC Workflows Understanding of SOAR Principles Hands on Experience with Microsoft Azure platform managing various configurations to enable manage Sentinel Experience developing in XML Bash Python and PowerShell scripts DevOps Engineering experience Terraform SDLC Actions Independent self-motivated proactive approach to problem solving and prevention Excellent written and verbal communication skills Passionate about cyber security and the aptitude to identify and solve security problems How well support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs About us and our teamsPlease visit our company website for further information We strive for a in which we are empowered to excel together every day This includes acting responsibly thinking commercially taking initiative and working collaboratively Together we share and celebrate the successes of our people Together we are Deutsche Bank Group We welcome applications from all people and promote a positive fair and inclusive work environment