As a Senior Cybersecurity Consultant, you will play a critical role in strengthening our client's security posture by focusing on log ingestion, parsing, normalization, and the development of detection rules within their Trellix (formerly FireEye) Helix SIEM environment. Your expertise will help define alerts, establish alerting thresholds, and build dashboards that give insight into the security posture of specific business applications. You will also be responsible for writing playbooks for the security monitoring processes being implemented. A strong understanding of cloud environments and how their logs are integrated into Helix is essential for this role.
Key Responsibilities:
- Collaborate with the security operations team to manage log ingestion processes, ensuring efficient parsing and normalization of data.
- Develop and implement new security rules in Helix, tailored to the specific needs of business applications.
- Define alerts and thresholds that detect deviations from expected activity in the environment and surface potential security incidents.
- Create and maintain Helix dashboards that effectively communicate the security posture of various business applications.
- Develop comprehensive playbooks for new security monitoring events, ensuring consistency and compliance with best practices.
- Conduct a thorough analysis of security alerts generated in Helix and provide actionable insights to improve security measures.
- Stay current with emerging threats and vulnerabilities in both on-premises and cloud environments to refine and enhance security rules and alerts.
- Document processes, findings, and recommendations to support ongoing security initiatives.
Required Skills & Experience:
- Proven experience as a Cybersecurity Consultant, with a strong focus on SIEM solutions, particularly Helix.
- In-depth knowledge of log management, parsing, normalization, and security rule development.
- Experience in creating playbooks and documentation for security processes.
- Experience with cloud environments (e.g., AWS, Azure, Google Cloud) and with forwarding their logs into SIEM tools.
- Familiarity with security frameworks and best practices.
- Strong analytical skills and the ability to interpret complex security data.
- Excellent communication skills, with the ability to convey technical information to non-technical stakeholders.
Nice to Have Skills & Experience:
- Relevant professional certifications (e.g., GCIH, GREM, CEH, CySA+).