Senior Consultant: SIEM / XDR Implementation
Coretek Services
Full Job Description
The Sr. Consultant - SIEM/XDR Implementation is a technical point person in the implementation of the Coretek SIEM/XDR services for customers focused on Microsoft security (Sentinel and Defender suite) as well as integration with 3rd party security platforms. This person must be experienced in SIEM & XDR implementation and tuning. This position requires a personable individual possessing the ability to work with customers of various experience levels in understanding their security technology ecosystem, telemetry sources, and use cases and guide them into the Coretek standards of the XDR/SIEM services.
Day in the Life
This person would be responsible for leading the onboarding design sessions and then creating the build packages for the XDR service to be sent to the implementation team for automated or common tasks, as well as acting as an SME for developing implementation engineers. Must have a desire to mentor and the patience to develop relationships. The XDR implementer is responsible for addressing any new or previously undocumented integrations, configurations, or capabilities that are discovered as part of an engagement. New technology features or integration items would be worked on with the architects and other implementers so that documentation, automation, and implementation processes can be updated in the standard. In the case of an existing implementation of the Microsoft XDR suite, this individual would guide the customer through a discovery session and work with the implementation teams to perform quality control and a baseline analysis and create a path to the Coretek standards.
Is this you?
The right candidate is a senior resource that understands how to be a good partner for the customer and internal resources to guide the process with the right amount of pushback, accommodation, and guidance. A willingness to work with others to spread the workload across resource teams in the US and India is a must. This is a customer facing and focused position. Must be able to work collaboratively and be willing to adhere to and help set standards and provide input and direction for the continued refinement and advancement of the platform and services.
Responsibilities:
- Primary customer facing technical contact in guiding customer onboarding SIEM/XDR projects.
- Act as a senior XDR architecture and operational security advisor to Coretek customers.
- Extensive knowledge and experience with implementing, managing, updating, and tuning a SIEM platform.
- Technical implementations lead and coordinator for SIEM/XDR projects.
- Use cases, log/alert source ingestion, rightsizing retention, optimizing data sources/connectors, optimizing platforms.
- Provide guidance and education to customers for the journey to Coretek Standards.
- Knowledge of KQL (or other query languages) and analytic rules.
- Knowledge of Microsoft or other logging agents, plus Data Collection Rules and policies.
- Automation playbooks / Logic Apps.
- Design and implementation of dashboards or workbooks.
- Work with the architecture and implementation teams in designing SIEM platform architecture, creation of procedures, implementation of processes, automating tasks, enhancing tool monitoring, ensuring overall health of these platforms, and development of staff for managing and maintaining security systems across internal and customer environments.
- Guide customers of varying experience and SIEM/XDR knowledge into the Coretek SOC/XDR service offering and standards.
- Implement the features of the Microsoft 365 E5 stack, focusing on security (Defender, Sentinel, etc.) according to Microsoft and Coretek's best practices.
- Act as an SME for new SIEM related use cases, implementation issues, or integrations.
- Familiarity with identity management solutions with Azure cloud and Active Directory including Entra ID and authentication methods.
- Occasional custom log source integration and parser template updates or input to other team members.
- Continuously identify and develop security and productivity-enhancing improvements through automation, better procedures, and other innovations.
- Support Coretek SOC (Security Operations Center) teams in tuning to reduce MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).
- Follow Coretek’s implementation plan and QC (Quality Control) guide when working on a project and contribute feedback and continuous improvement to the process.
- Interface with Coretek’s SOC to ensure a smooth handoff from delivery to Managed Services.
- Assess customers' existing security infrastructure and identify vulnerabilities and weaknesses.
- Self-manage a project by escalating risks and issues while working within the project budget.
- Provide training and knowledge transfer to customers' IT staff on Microsoft security technologies and best practices.
- Stay knowledgeable in the latest trends and developments in Microsoft and 3rd party security technologies and incorporate them into customer solutions.
Requirements
- 5+ years working in security technology design and deployment roles.
- Previous SOC experience is a plus.
- Relevant security certifications for SIEM or security platforms.
- Microsoft Certified: Security, Compliance, and Identity Fundamentals, Microsoft Certified: Azure Security Engineer Associate, etc. is a plus.
- Strong understanding of cloud security principles and best practices.
- Microsoft Azure and Office 365 a plus.
- Experience with Palo Alto XDR a plus. Other XDR Product experience accepted.
- Knowledge of one or more common scripting tools (PowerShell, Python, Bash).
- Good awareness and experience in a wide range of security tools.
- MSP/MSSP or multi-tenant experience desired.
- Experience working within an office environment including knowledge of office processes, procedures, and technology.
- Excellent verbal and written communication skills with the ability to interact with internal and external customers.
- Strong analytical skills and attention to detail.
- Must be a self-starter with excellent time management skills.
- Prior experience in a technical role in IT Consulting environment a plus.
- Up to 20% travel within the US.