Tenece

SIEM Support Engineer (ArcSight & Elastic)

JOB SUMMARY:

We are seeking a highly motivated and detail-oriented SIEM Support Engineer to join our team in Lagos, Nigeria. As a crucial member of our Support team, you will play a key role in supporting, maintaining, and enhancing our security information and event management (SIEM) infrastructure built on ArcSight and Elastic.

Responsibilities:

SIEM Support and Maintenance:

  • Provide day-to-day operational support for both ArcSight and Elastic SIEM platforms, ensuring optimal performance and uptime.
  • Troubleshoot and resolve issues related to log collection, data ingestion, and rule execution.
  • Maintain accurate and up-to-date documentation for SIEM configurations and procedures.

ArcSight and Elastic Expertise:

  • Possess in-depth knowledge of ArcSight and Elastic SIEM platforms, including their functionalities, configurations, and best practices.
  • Stay informed about the latest updates and features for both platforms to ensure continuous improvement and optimization.
  • Assist customers with complex SIEM configurations and incident investigations when needed.

Log Management:

  • Monitor log sources and security events generated by both SIEM platforms for potential threats and anomalies.
  • Analyze and investigate suspicious activities, escalating critical issues to senior engineers for further action.
  • Contribute to the development and maintenance of log management policies and procedures.

Security Incident Response:

  • Participate in the incident response process by providing technical support and analysis of security events from both SIEM platforms.
  • Assist with containment, eradication, and recovery efforts as required.

Rule and Content Development:

  • Create and customize correlation rules to identify and respond to security incidents.
  • Develop and enhance content to enrich the detection capabilities of the ArcSight and Elastic platforms.

Collaboration and Communication:

  • Collaborate effectively with the SOC team, IT teams, and other stakeholders to ensure smooth operation and efficient security incident response.
  • Communicate clearly and concisely, both verbally and in writing, to document issues, solutions, and recommendations.

Continuous Learning:

  • Proactively stay updated on the latest cybersecurity threats, SIEM technologies, and industry best practices.
  • Participate in training and development opportunities to enhance your skills and knowledge.

Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, or a related field.
  • 2 years’ experience as an Elastic or ArcSight Engineer or in a similar role.
  • Relevant certifications such as ArcSight ESM Administrator or equivalent.

Competencies

  • In-depth knowledge of Elastic SIEM, ArcSight ESM, Logger, Connectors, and other related components.
  • Strong understanding of cybersecurity principles, threat detection, and incident response.
  • Experience in scripting (e.g., Python, PowerShell) for automation and customization.
  • Excellent communication and collaboration skills.
  • Ability to work independently and as part of a team in a fast-paced environment.

Reporting Line: MD, Business Services and Operations
Job Category: Engineering
Job Type: Full Time
Job Location: Lagos, Nigeria