Job Description
ministration and management of SIEM, NTA, UEBA, SOAR, WAF, Antivirus solutions, IDAM, VPN etc. to ensure a secure data centre environment through implementation of appropriate security policies. The required hardware, software and the licenses will be provided by KSITM.
Identify and doing the necessary configurations for monitoring the critical devices, servers etc. under SIEM as per directions of KSITM.
24x7 monitoring the SIEM logs, NTA for finding out the security breaches, DDOS attacks etc.
Analyze the SIEM reports and take remedial actions.
Provide consolidated reports to KSITM/TPA on the security incidents, action taken, recommendations etc.
Addressing the ongoing needs of security management including, but not limited to, configuration and monitoring of various devices/ tools such as WAF, Firewalls, intrusion detection, Host based Intrusion Prevention (HIPS), sandbox, content filtering and blocking, virus protection, malware protection and vulnerability protection through implementation of proper patches and rules.
Maintaining an updated knowledge base of all the published security vulnerabilities and virus threats for related software and microcode etc.
Ensuring that latest patches for identified vulnerabilities are applied immediately.
Respond to security breaches or other security incidents and coordinate with respective OEM in case if a new threat is observed to ensure that patch is made available for the same.
Maintenance and management of security devices, including, but not limited to maintaining firewall services to restrict network protocols and traffic, detecting intrusions or unauthorized access to networks, systems, services, applications or data, protecting email gateways, firewalls, servers from viruses.
