Information Security Architect (SOC)
Ref No.: 18-23593
Location: Seattle, Washington
Job title: Information Security Architect (SOC)
Work Location: Bellevue, WA 98008
Duration: 6+ Months

Need: LinkedIn profile

Detailed job description 
Area of Responsibility:
• Assess SOC processes and identify improvement opportunities
• Assess SIEM use cases and identify gaps
• Perform Splunk (SIEM) Level 2/3 activities
• Create use cases and implement them
• Document the improvement implementation plan
• Provide advisory services for IT security infrastructure and recommend solutions, where needed, for the following domains:

o Identity & Access Management
o Application Security & Vulnerability management
o Data Security & privacy
o Infrastructure/Cloud Security
o Security Operations Center
• Coordinate efforts with technical stakeholders, including architects, business leads and various teams
• Planning and Reporting activities

Knowledge and Skills: 
• The ideal candidate should have at least 8 years of experience focused on SIEM/SOC operations, network security architecture, firewalls, VPN, etc.
• Hands-on experience with Splunk, Cisco/Palo Alto firewalls, endpoint security, etc. is a must
• Good understanding of Splunk architecture and its components (indexer, forwarder, search head, deployment server)
• Installation and configuration of all Splunk components
• Hot, warm, cold and frozen bucket management
• Field extraction using IFX, the rex command and regular expressions in configuration files
• Knowledge of the EXTRACT keyword and sed
• Knowledge of search commands such as stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries and table
• The difference between eventstats and stats
• Timechart attributes such as span and bins
• Creating dashboards and reports using XML; inline search vs. scheduled search in a dashboard
• Various types of charts, knowledge of app creation, user and role access permissions. 
• Creating and managing apps; creating users and roles
• Setting permissions on knowledge objects
• Optimizing searches for better performance
• Search time vs Index time field extraction.
• CISSP, CISM, CISA, CEH or other information security certifications are preferred but not mandatory

Reach Me:
571-446-2333 Ext # 4002