SIEM Engineer

3 months ago


Bengaluru, India ScaleneWorks Full time

"Essential Job Functions:
• Individuals in this role are responsible for managing SIEM infrastructure such as Microsoft Azure Sentinel and/or other SIEMs.
• Working knowledge of the Microsoft Azure cloud platform and Log Analytics workspaces.
• Excellent knowledge of KQL (Kusto Query Language).
• Writing SIEM rules (cross-device and complex correlation) to implement detections in Microsoft Azure Sentinel and/or other SIEMs.
• Creating playbooks to implement SOAR in Microsoft Azure Sentinel.
• Integrating log sources with Azure Sentinel and ArcSight.
• Excellent knowledge of Logstash and ELK.
• Creating and implementing Logic Apps in Azure Sentinel.
• Creating workbooks to implement dashboards and apps.
• Reading existing scripts and modifying and debugging programs.
• Developing custom parsers for logs from different sources, including firewalls, operating systems, and applications.
• Working on various operating systems and platforms."