Sr Purview SIEM Administrator (Security Administrator / System Administrator L2+, SIEM (Security Information and Event Management) Tool Admin)
The Security Operations Center (SOC) is responsible for monitoring, detecting, analyzing, and performing incident response to cyber threats against applications, platforms, networks, and information. The environment includes local area networks/wide area networks (LAN/WAN), Internet connections, public-facing services and websites, wireless, mobile/cellular, cloud-based applications and services (IaaS, PaaS, SaaS), security devices, servers, end-user workstations and laptops, production manufacturing, and various other third-party connections and services.
▪ We need an L3 who is highly technical, communicates well, and is very action-oriented.
▪ The L3 candidate must have administrative experience in Purview and SIEM platforms (Splunk, Nitro, Sentinel, FireEye Helix, etc.).
▪ Cloud Security experience (Azure)
▪ Needs to have advanced certifications in MS Cloud Security.
Duties include:
• Administer and maintain the organization's SIEM (Security Information and Event Management) platform to monitor, analyze, and respond to security events and incidents effectively.
• Configure and customize SIEM rules, alerts, dashboards, and reports to meet the organization's security requirements and compliance standards.
• Perform regular health checks, tuning, and optimization of SIEM infrastructure to ensure optimal performance and maximum effectiveness.
• Monitor SIEM logs and alerts, investigate security incidents, and provide expert-level analysis and response to security events.
• Collaborate with SOC (Security Operations Center) analysts to triage, prioritize, and escalate security incidents based on severity and impact.
• Conduct regular SIEM platform upgrades, patches, and version migrations, following best practices and change management processes.
• Develop and maintain SIEM documentation, including configuration guides, standard operating procedures (SOPs), and knowledge base articles.
• Provide mentorship and training to junior team members and SOC analysts on SIEM administration best practices and techniques.
• Coordinate with vendors and internal stakeholders for SIEM platform integrations, upgrades, and troubleshooting as needed.
• Stay current with emerging SIEM technologies, trends, and threats, and make recommendations for continuous improvement of the SIEM environment.
• Manage and maintain the organization's SIEM (Security Information and Event Management) platform to monitor, analyze, and respond to security events and incidents.
• Implement and manage Data Loss Prevention (DLP) solutions to safeguard sensitive data and prevent unauthorized data exfiltration.
• Administer Endpoint Detection & Response (EDR) systems to detect, investigate, and remediate security threats on endpoints.