[Remote] Remote XSOAR Consultant
Note: The job is a remote job and is open to candidates in USA. Piper Companies is seeking a Remote XSOAR Consultant to join an international leader in cybersecurity services. The XSOAR Consultant will play a pivotal role in assisting with log migration and detection strategy for clients.
Responsibilities
- Collaborate with the technical lead to develop a log ingestion strategy
- Contribute to the detection strategy based on industry best practices
- Document a detailed step-by-step process for ingesting high-quality log sources
- Monitor and optimize log sources for maximum efficiency
- Create high-quality correlation rules to enhance threat detection
- Tune log sources and correlation rules for optimal performance
- Serve as a Subject Matter Expert (SME) for SIEM, correlation, and log source ingestion
- Identify opportunities for automation to improve analyst alert handling
- Work closely with internal and external teams to ensure product adoption
- Create technical documentation detailing SIEM aspects of the engagement
Skills
- 6+ years of experience in deploying and integrating SIEM solutions in enterprise to large enterprise-level environments
- Experience with Security Operation Centers tooling and processes
- Experience in coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using SIEM platforms
- Ability to create and develop correlation and detection rules within a SIEM to support alerting capabilities
- Experience with a variety of SIEM technologies such as Splunk, IBM QRadar, etc
- Proven ability to suggest detection strategies based on customer requirements
- Strong skills in Regular Expressions
- Ability to understand logs and locate/understand third-party documentation when necessary
- Familiarity with reports on the status of the SIEM, including metrics such as the number of logging sources, log collection rate, and other performance metrics
- Relevant bachelor's degree or industry-recognized qualifications (CISSP, GIAC, SIEM Vendor Qualification, etc.)
- Knowledge of Security Analysis & Response, including endpoint, network, and cloud-based environments, is a plus
Benefits
- Healthcare
- Dental
- Vision
- PTO
- Holiday
- Medical
- 401K
- Sick Leave
- Paid Holidays
Company Overview