SIEM Subject Matter Expert_REMOTE _ROJI

Remote: 
Full Remote
Contract: 
Experience: 
Mid-level (2-5 years)
Work from: 

Offer summary

Qualifications:

5+ years IT security experience, 3+ years SIEM platforms experience, Endpoint, network security knowledge, Incident response, threat hunting expertise, Strong troubleshooting and project management skills.

Key responsibilities:

  • Lead data platform and pipeline
  • Support customer installations and QA testing
  • Work with TAMs for customer needs
  • Contribute to product development and sales enablement
  • Act as mentor for SOC team members
CodersBrain SME https://www.codersbrain.com/
201 - 500 Employees

Job description


About us - Coders Brain is a global leader in its services, digital and business solutions that partners with its clients to simplify, strengthen and transform their businesses. We ensure the highest levels of certainty and satisfaction through a deep-set commitment to our clients, comprehensive industry expertise and a global network of innovation and delivery centers. We achieved our success because of how successfully we integrate with our clients.
• Quick Implementation - We offer quick implementation for the new onboarding client.
• Experienced Team - We’ve built an elite and diverse team that brings its unique blend of talent, expertise, and experience to make you more successful, ensuring our services are uniquely customized to your specific needs.
• One Stop Solution - Coders Brain provides end-to-end solutions for the businesses at an affordable price with uninterrupted and effortless services.
• Ease of Use - All of our products are user friendly and scalable across multiple platforms. Our dedicated team at Coders Brain implements keeping the interest of enterprise and users in mind.
• Secure - We understand and treat your security with utmost importance. Hence we blend security and scalability in our implementation considering long term impact on business benefit.

1. Position: Legion SIEM Subject Matter Expert
Location: Remote
Exp: 6+ years
Notice: Immediate to 15 Days

Full Job Description

Castle Shield is seeking a Subject Matter Expert (SME) for its Legion SIEM/EDR/XDR security product line. This individual has extensive hands-on experience with:
● EDR Solutions (Crowdstrike, SentinelOne, CarbonBlack, and eventually our Legion SIEM solution)
● EPP Solutions (Cylance, McAfee, Symantec, and eventually our Legion SIEM solution)
● SIEM/log management (ArcSight, QRadar, Splunk, Securonix, and eventually our Legion SIEM Solution.)
● UEBA/User and Entity Behavior Analytics
● Security Orchestration and Response (SOAR)
● Incident response and/or threat hunting
● Cyber security (endpoint, network, frameworks, etc.)
● Troubleshooting large scale and complex issues related to the above

The candidate will work with Castle Shield’s internal and remote teams (PM, QA, SRE, Customer Integration, Engineering, Sales) to translate customer use cases into product requirements, QA testing cases, compelling sales demos, proof of concept success criteria as well as provide direct hands-on assistance for large scale customer implementations from a Level 3 and 4 support perspective. To support customer implementations, the candidate should have a proven ability to solve complex troubleshooting problems. However, the individual’s focus is initially on internal support rather than external support.

In addition to internal support, the candidate may potentially work with OEM and value-added partners to provide technical enablement, scope, enable and support related opportunities. This includes working with OEM providers for routers, firewalls, and other endpoints to ensure that our Legion SIEM parsers are kept up to date. Also, the candidate should have strong experience with security tools like firewalls, web proxies, WAF, DLP, VPN, EDR/EPP/AV/HIPS, and email security.

This is a great opportunity to be an integral part of a growing team that is currently working on building Castle Shield’s next generation SIEM solution. We are looking for a talented, self-motivated, and passionate engineer who can work and support internal teams and eventually support external customers to achieve business objectives.
 
Responsibilities include but are not limited to:
● Be the thought leader in data platform and pipeline
● Work closely with Castle Shield’s Technical Account Managers (TAMs) to ensure customers' short- and long-term needs are met
● Support data onboarding and customer installation of Castle Shield’s Legion (SIEM) for proof-of-concept testing and production implementations
● Perform QA exploratory testing of beta release candidates as needed
● Work closely with Product Development engineers in whiteboarding sessions to provide technical/use case contextual information needed for specific feature development (in fact, the SME will eventually lead this effort)
● Work closely with Product Managers to ensure urgent and important requirements are included in product release planning and help in the reassessment of product roadmap
● Monitor and assess CVEs to determine if the Legion SIEM rules need to be created or updated
● Understand customers' endpoint security needs to help them solve those needs with Castle Shield’s team member support as required
● Assist customers with product installation, setup, configuration, and problem escalation via virtual meetings as required
● Maintain vigilance with the cybersecurity industry and competitive landscape to influence the strategic direction of the product (again, this includes reviewing CVEs on a regular basis)
● Contribute to the development of product related sales-enablement packages and product messaging
● Act as a mentor for the SOC and SIEM Configuration team members
 
Required Skills:
● 5+ years of hands-on experience in the IT security industry
● 3+ years of experience in at least one of the following SIEM platforms: ArcSight, QRadar, Splunk, Securonix as well as related technologies (UEBA/SOAR/ML)
● Endpoint security and related products (EPP, EDR, AV, HIPS)
● Network security and related products (FW, WAF, DLP, proxy, packet capture, VPN, email security)
● Security threat intelligence: types, providers, formats, and implementation in large scale threat hunting
● Incident response and threat hunting techniques using data correlation / ML across multiple attack vectors
● Working knowledge of one or more threat models: MITRE ATT&CK, Diamond, Lockheed Martin Cyber Kill Chain
● Technical proficiency in Windows, Linux, and/or macOS
● Strong troubleshooting skills
● In-depth experience in data lakes and related ecosystems
● Project management experience
● Prior experience supporting enterprise customers
● Excellent written skills (whitepapers, technical documents, and blogs)
● Excellent interpersonal and presentation skills

Additional Skills Desired:
● Security focused pre-sales engineering experience
● Experience with machine learning / artificial intelligence
● Experience with vulnerability management, secure configuration management, policy compliance, file integrity monitoring
● Experience with coordinating and communicating across multiple time zones
 
Share your resume on Shivani.Nayak@codersbrain.com or connect with me on 9303204169
 
Thanks & Regards
Shivani Nayak
9303204169

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Industry:
Management Consulting
Spoken language(s):
English

Other Skills

  • Social Skills
  • Troubleshooting (Problem Solving)
