Legion Siem Subject Matter Expert

We are seeking a Subject Matter Expert (SME) for its Legion SIEM/EDR/XDR security product

line. This individual has extensive hands-on experience with:

- EDR Solutions (Crowdstrike, SentinelOne, CarbonBlack, and eventually our Legion SIEM

solution)
- EPP Solutions (Cylance, McAfee, Symantec, and eventually our Legion SIEM solution)
- SIEM/log management (ArcSight, QRadar, Splunk, Securonix, and eventually our Legion

SIEM Solution.)
- UEBA/User and Entity Behavior Analytics
- Security Orchestration and Response (SOAR)
- Incident response and/or threat hunting
- Cyber security (endpoint, network, frameworks, etc.)
- Troubleshooting large scale and complex issues related to the above

Integration, Engineering, Sales) to translate customer use cases into product requirements, QA

testing cases, compelling sales demos, proof of concept success criteria as well as provide direct

hands-on assistance for large scale customer implementations from a Level 3 and 4 support

solve complex troubleshooting problems. However, the individual’s focus is initially on internal

support rather than external support.

partners to provide technical enablement, scope, enable and support related opportunities. This

includes working with OEM providers for routers, firewalls, and other endpoints to ensure that our

Legion SIEM parsers are kept up to date.

This is a great opportunity to be an integral part of a growing team that is currently working on

building next generation SIEM solution.

We are looking for a talented, self-motivated, and passionate engineer who can work and support

internal teams and eventually support external customers to achieve business objectives.

Responsibilities include but not limited to:

- Be the thought leader in data platform and pipeline
- Work closely with Castle Shield’s Technical Account Managers (TAMs) to ensure customers'

short
- and long-term needs are met
- Support data onboarding and customer installation (SIEM) for

proof-of-concept testing and production implementations
- Work closely with Product Development engineers in whiteboarding sessions to provide

technical/use case contextual information needed for specific feature development (in fact,

the SME will eventually lead this effort)
- Work closely with Product Managers to ensure urgent and important requirements are

included in product release planning and help in the reassessment of product roadmap
- Monitor and assess CVEs to determine if the Legion SIEM rules need to be created or

updated
- Understand customers' endpoint security needs to help them solve those needs with team member support as required
- Assist customers with product installation, setup, configuration, and problem escalation via

virtual meetings as required
- Maintain vigilance with the cybersecurity industry and competitive landscape to influence

the strategic direction of the product (again, this includes reviewing CVEs on a regular

basis)
- Contribute to the development of product related sales-enablement packages and product

messaging
- Act as a mentor for the SOC and SIEM Configuration team members

**Required Skills**:

- 5+ years of hands-on experience in the IT security industry
- 3+ years of experience in at least one of the following SIEM platforms: ArcSight, QRadar,

Splunk, Securonix as well as related technologies (UEBA/SOAR/ML)
- Endpoint security and related products (EPP, EDR, AV, HIPS)

security)
- Security threat intelligence; types, providers, formats, and implementation in large scale

threat hunting
- Incident response and threat hunting techniques using data correlation / ML across

multiple attack vectors
- Working knowledge of one or more threat models: MITRE ATT&CK, diamond, Lockheed

Martin cyber kill chain
- Technical proficiency in Windows, Linux, and/or macOS
- Strong troubleshooting skills
- In depth experience in data lakes and related ecosystems
- Project management experience
- Prior experience supporting enterprise customers
- Excellent written skills (whitepapers, technical documents, and blogs)
- Excellent interpersonal and presentation skills

Additional Skills Desired:

- Security focused pre-sales engineering experience
- Experience with machine learning / artificial intelligence
- Experience with vulnerability management, secure configuration management, policy

compliance, file integrity monitoring
- Experience with coordinating and communicating across multiple time zones

**Job Type**: Temporary

**Salary**: ₹120,000.00 - ₹130,000.00 per month

Schedule:

- Day shift
- Morning shift

Ability to commute/relocate:

- Gurgaon, Haryana: Reliably commute or planning to relocate before starting work (required)

**Experience**:

- total work: 1 year (required)