Riyadh, Riyadh, SA-Saudi Arabia
Atos is a global leader in digital transformation with 110,000 employees in 73 countries and annual revenue of €12 billion. European number one in Cloud, Cybersecurity and High-Performance Computing, the Group provides end-to-end Orchestrated Hybrid Cloud, Big Data, Business Applications and Digital Workplace solutions. The Group is the Worldwide Information Technology Partner for the Olympic & Paralympic Games and operates under the brands Atos, Atos|Syntel, and Unify. Atos is an SE (Societas Europaea), listed on the CAC40 Paris stock index.
The purpose of Atos is to help design the future of the information space. Its expertise and services support the development of knowledge, education and research in a multicultural approach and contribute to the development of scientific and technological excellence. Across the world, the Group enables its customers and employees, and members of societies at large to live, work and develop sustainably, in a safe and secure information space.
Minimum University/College degree in a technical discipline (Computer Science or Engineering preferred) or equivalent work experience.
Minimum 5+ years of Information Security experience required, including managing and administering ArcSight infrastructure.
Minimum of 3 years developing business rules and logic.
Certification – ArcSight ESM Certified Security Administrator (ACSD) or ArcSight ESM Certified Security Analyst (AESA) (preferred).
Experience in the operation of a large ArcSight Event Management System.
Experience in the development of ArcSight Content.
Experience in the configuration and management of ArcSight Appliances and flex/custom connectors. Detailed knowledge of firewalls and networking devices.
Ability to work independently with minimum supervision. Ability to openly share/discuss ideas and suggestions with team members. Ability to explore and investigate new products and solutions. High level of attention to detail and accuracy, high ethical standard.
Job Description and Responsibilities:
Produce documentation on designs and content developed.
Monitoring the SIEM console dashboard daily for technical issues.
Complete the SIEM admin pending activities/tasks highlighted in shift Turnover Status Report.
Representing the remote SOC operations team, with incident handling capabilities.
Preparing and presenting reports and participating in meetings with the customer.
Assist Project Lead in SIEM admin related work and management reporting.
Review SIEM advisories and take the necessary detection/support measures.
Perform risk analysis/pilot testing for new scheduled report/rule requests.
Add/Modify/Delete scheduled reports based on approved change requests.
Participate in incident drills and incident handling activities. Review and interpret events generated by various components including firewalls, switches, application software, databases, and operating systems.
Raise an incident ticket with the SIEM vendor if critical issues are observed (bugs, unparsed events from a SIEM-supported device). Collaborate with the customer IT team to support SOC operation needs.
Follow service desk processes such as taking ownership of SR/IR/CR tickets, changing ticket state, submitting for approval, and adding work logs and status updates. Investigate and debug alerts.
Monitoring SIEM resource performance and hardware issues.
SIEM resource backup (optional).
Handover Email / Shift handover for pending task and request.
Log baseline preparation for new log source addition. Configuring SIEM console to collect logs from new log source.
Performing configuration changes on SIEM devices.
Analysing and troubleshooting if health parameter thresholds exceed the defined values.
Raise CR for SIEM infrastructure change and SIEM resource modification.
Log stoppage troubleshooting and integrating new log sources. Support on Connector and log collection issues.
Perform recovery of data or configuration as needed.
Fine-tune expensive use cases and custom parsers.
Upgrade the existing connectors and maintain the checklist.
Advising the operations team to upgrade endpoint firmware based on recommendations from the SIEM vendor.
Performing feasibility checks, creating custom parsers based on requirements, and testing them in our lab setup before deployment.
Regular training and knowledge-sharing sessions with the operations and junior teams.
Creating parser overrides and assisting the operations team in case of missing fields, wrong assignments, etc.
Coordinating with Micro Focus on Tier 3 issues affecting any of the SIEM components.
Working with, or as, the Linux admin in case of any OS- or network-related issues.
Maintaining OS patches, hardening, and SIEM application versions (upgrades, migrations, etc.).
Using security products (such as email gateway and EDR) for analysis/hunting and IOC-based detection and prevention.
Here at Atos, we want all of our employees to feel valued, appreciated, and free to be who they are at work. Our employee lifecycle processes are designed to prevent discrimination against our people regardless of gender identity or expression, sexual orientation, religion, ethnicity, age, neurodiversity, disability status, citizenship, or any other aspect which makes them unique. Across the globe, we have created a variety of programs to embed our Atos culture of inclusivity, and work hard to ensure that all of our employees have an equal opportunity to contribute and feel that they are exactly where they belong.