SIEM/SOC Specialist, Cybersecurity

Lenovo

São Paulo, Brazil

#WD00072366

Position summary

This transformation together with Lenovo's world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit https://www.lenovo.com, and read about the latest news via our StoryHub.

Description and Requirements

Primary Responsibilities

  • Provide engineering, operation and enhancement of the SIEM, SOC platform tools and data collection and analysis systems.

  • Develop, deploy, and tune tools content and reporting.

  • Assist in the design, architecture and implementation of use cases, detection rules, integrations and workflow automation.

  • Analyze the existing use case catalogue and implemented correlation rules, as well as automation workflows.

  • Cooperate with the other team members in correlation search development and testing.

  • Prepare correlation search tests, conduct them, and document the test evidence showing that the correlation search addresses the scenario described in the use case.

  • Cooperate with the log source onboarding project to ensure correct log source onboarding and mapping of logs to data models according to SOC tools best practices.

  • Responsible for the creation of procedures, runbooks and high-level/low-level documentation, the implementation of processes, and the development of staff in relation to SOC tools detection logic.

  • Provide expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems and SOC tools.

Knowledge and skills

  • 3+ years of hands-on SIEM experience.

  • Direct experience with SOC tools engineering and data integration.

  • Scripting and development skills in Python/Perl with deep comprehension of regular expressions.

  • General networking and security knowledge.

  • Experience with building intricate searches from disparate data sources and joining them together.

  • Versed in building threat detections (correlation rules) from security logs to detect malicious activity with high fidelity.

  • Knowledge of security logging for Linux, Windows, major EDRs, firewalls and Active Directory.

  • The ability to aggregate and analyze logs from various deployed security devices.

  • Familiarity with DevOps and cloud computing service providers (AWS / Azure).

Additional Locations:

  • Brazil - São Paulo - São Paulo