Siem Enginer- L3 - Gurugram, Haryana, India - Rackspace

Rackspace
Rackspace
Verified Company
Gurugram, Haryana, India

1 week ago

Deepika Kaur

Posted by:

Deepika Kaur

beBee Recuiter
Description

SecOps Engineer L3 (SIEM Enginering)
***
About Rackspace Cyber Defence

  • Rackspace Cyber Defence is our next generation cyber defence and security operations capability that builds on 20+ years of securing customer environments to deliver proactive, riskbased, threatinformed and intelligence driven security services.

Our purpose is to enable our customers to defend against the evolving threat landscape across on-premises, private cloud, public cloud and multi-cloud workloads.


Our goal is to go beyond traditional security controls to deliver cloud-native, DevOps-centric and fully integrated 24x7x365 cyber defence capabilities that deliver a
proactive,
threat-informed,
risk-based,
intelligence-driven approach to detecting and responding to threats.


Our mission is to help our customers:

  • Proactively detect and respond to cyber-attacks
  • 24x7x36
  • Defend against new and emerging risks that impact their business.
  • Reduce their attack surface across private cloud, hybrid cloud, public cloud, and multicloud environments.
  • Reduce their exposure to risks that impact their identity and brand.
  • Develop operational resilience.
  • Maintain compliance with legal, regulatory and compliance obligations.

What we're looking for:


  • To support our continued success and deliver a Fanatical Experience to our customers, Rackspace Cyber Defence is looking for an Indian based Security Engineer, with a specialism in SIEM Engineering to support Rackspace's strategic customers.
  • This role is particularly wellsuited to a selfstarting, experienced and motivated Sr. Security Engineer, who has a proven record of accomplishment in the design, delivery, management, operation and continuous improvement of cloudnative SIEM platforms (such as Microsoft Sentinel.)
  • The primary focus will be on the design, implementation, management, operation and continuous improvement of cloudnative SIEM platforms; used by the Rackspace Cyber Defence Center to deliver managed security services to our customers.
  • You will also be required to liaise closely with the customer's key stakeholders, which may include incident response and disaster recovery teams as well as information security.

Key Accountabilities:


  • Ensure the Customer's operational and production environment remains healthy and secure at all the times.
  • Critical platform incident handling & closure.
  • Assist with customer onboarding loading of feeds, etc. to Sentinel, Splunk, Qradar, Google Chronical.
  • Advance threat hunting.
  • Develop custom dashboards and reporting templates.
  • Develop complex to customer specific use cases.
  • Advance platform administration, ideally through a DevOpscentric approach.
  • Solution recommendation for issues.
  • Coordinate with vendor for issue resolution.
  • Basic and Intermediate Playbook and workflow enhancement.
  • Maintain close working relationships with relevant teams and individual key stakeholders, such as incident response and disaster recovery teams as well as information security etc.
  • Develop the custom parsers for the Incident and alert enrichment.
  • Problem specific playbook and workflow creation and enhancements
  • Required to work flexible timings.

- ***
Skills & Experience:
  • Should have experience of 8 years in Security Engineering.
  • Existing experience as a Security Operations Engineer, or equivalent.
  • Experience of working in large scale, public cloud environments and with using cloud native security monitoring tools such as:
  • SIEM platforms such as Microsoft Sentinel (preferred), Google Chronicle, Splunk, QRadar, LogRhythm, Securonix etc.
- o Microsoft cloud-native security tools such as Microsoft 365 Defender and Defender for Cloud
- o Endpoint Detection & Response (EDR) tools such as Crowdstrike, Microsoft Defender for Endpoint.
- o Firewalls and network security tools such as Palo Alto, Fortinet, Juniper, and Cisco.
- o Web Application Firewall (WAF) tools such as Cloudflare, Akamai and Azure WAF.
- o Data Loss Prevention (DLP) tools such as Microsoft Purview, McAfee and Symantec
- o GCP (Google Cloud Platform) Security Command Centre.

  • Experience of security controls, such as network access controls; identity, authentication, and access management controls (IAAM); and intrusion detection and prevention controls.
  • Knowledge of security standards (good practice) such as NIST, ISO27001, CIS (Center for Internet Security), OWASP and Cloud Controls Matrix (CCM) etc.
  • Knowledge of scripting and coding with languages such as Terraform, python, javascript, golang, bash and/or powershell.
  • Knowledge of DevOps practices such as CI/CD, Azure DevOps, CircleCI, GitHub Actions, Ansible and/or Jenkins.
  • Computer science, engineering, or information technology related degree (although not a strict requirement)
  • Holds one, or more, of the following certificates (or equivalent):
  • Certified Information Security Systems Professional (CISSP)
- o Microsoft Certifie
More jobs from Rackspace
See all jobs of Rackspace