Total-TECH Co.
” The Job Description”
- Data Parsing: Configure data parsers to normalize and categorize log data for analysis.
- Rule Creation: Develop and maintain correlation rules to detect security incidents and anomalies.
- User Access Control: Manage user roles and permissions for the SIEM platform.
- Log Retention and Archiving: Define data retention policies and ensure log data is archived for compliance and forensic purposes.
- Software Updates and Patch Management: Keep the SIEM software up to date with the latest patches and updates.
- Integration with Other Security Tools: Integrate the SIEM with other security tools, such as intrusion detection systems (IDS) and vulnerability scanners.
- Fine-Tuning: Continuously optimize the SIEM to reduce false positives and improve detection accuracy.
- Compliance Reporting: Generate reports and alerts to comply with industry standards and regulations.
- Log Source Management: Add new log sources as the organization’s IT environment evolves.
- Disaster Recovery Planning: Develop and test disaster recovery plans to ensure the SIEM’s availability during critical incidents.
- Performance Monitoring: Monitor the SIEM’s performance and scalability, ensuring it can handle the volume of log data.
- Log Data Storage: Manage the storage infrastructure for log data, including backups and data retention policies.
- Threat Intelligence Integration: Integrate threat intelligence feeds to enhance the SIEM’s ability to detect new threats.
- Vendor and Support Management: Coordinate with SIEM vendors and support providers for technical assistance and updates.
- Security Policy Enforcement: Ensure that the SIEM helps enforce security policies and compliance requirements.
- Evaluate the logs form each log source and enhance it.