Infosec Specialist
ZEISS Group.com
Office
HO, India
Full Time
Zeiss In India
ZEISS in India is headquartered in Bengaluru and present in the fields of Industrial Quality Solutions, Research Microscopy Solutions, Medical Technology, Vision Care and Sports & Cine Optics.
ZEISS India has 3 production facilities, R&D center, Global IT services and about 40 Sales & Service offices in almost all Tier I and Tier II cities in India. With 2200+ employees and continued investments over 25 years in India, ZEISS’ success story in India is continuing at a rapid pace.
Further information at ZEISS India.
Role Summary
As part of the Infosec Specialist Group, you will be responsible for designing, implementing, configuring, and maintaining the SIEM platform to ensure efficient threat monitoring, detection, and response. Your primary focus will be on enhancing the efficiency, accuracy, and scalability of the SIEM systems. Additionally, you will assist the Global SOC and Detection Engineering teams with operational tasks and handle administrative responsibilities promptly. This position also requires working closely with IT, business teams, and Infosec subject matter experts to expand log monitoring coverage and strengthen the organization's security posture through proactive threat detection.
Responsibilities
- Responsible for designing, configuring, maintaining and optimizing the performance of the SIEM system, while keeping the platform current with the latest patches and updates.
- Develop processes and procedures, and maintain comprehensive documentation regarding SIEM operations.
- Establish log baselines and log ingestion (integration) techniques for the various log source types to ensure comprehensive coverage of security events within the SIEM.
- Conduct regular assessments to identify unmonitored log data sources, whether in cloud-based, on-premises, or hybrid environments (including cloud-native, containers, and CI/CD), and collaborate with internal stakeholders to integrate them with the SIEM to improve log coverage.
- Stay up to date on the latest security threats and vulnerabilities. Integrate threat intelligence feeds into the SIEM to improve threat detection capabilities.
- Build automation tools/scripts (Python, PowerShell, REST APIs) for log data onboarding and rule deployment. Support designing workflows and implementation/integration of SOAR to automate incident response processes.
- Facilitate the gathering of evidence in the SIEM for both internal and external audits.
- Collaborate with internal stakeholders to identify key security requirements, and develop and tune detection rules using MITRE ATT&CK, the Cyber Kill Chain and anomaly-based models to detect potential security threats and anomalies.
- Regularly review and optimize correlation rules based on evolving threats and organizational needs.
- Develop dashboards and reports for stakeholders to visualize security metrics.
- Participate in post-incident reviews to identify areas for enhancing detection capabilities.
- Provide guidance to SOC analysts and engineers on rule effectiveness, dashboards and alert quality.
Role Requirements
Experience
At least 7 years of prior experience in a SOC environment, with hands-on experience in SIEM administration and use-case development.
Process and Technology Skills
- Proficient in SIEM platforms such as Splunk, Palo Alto Cortex, and Google SecOps, with a comprehensive understanding of their architecture, deployment procedures, and continuous management.
- Strong troubleshooting skills to resolve technical issues with SIEM.
- Expertise in collecting, parsing and normalizing log data from various sources such as servers, network devices, cloud platforms and applications, with strong knowledge of log formats (Syslog, JSON, XML, Windows Event Logs).
- Strong understanding of networking protocols (TCP/IP, HTTP, SSL/TLS) and technologies such as next-gen firewalls, intrusion detection/prevention systems (IDS/IPS), proxy and DNS.
- Understanding of cloud platforms (such as AWS and Azure) and their logging tools, and the ability to integrate their logs using agents, APIs, or native connectors via transport methods such as Syslog, S3, Event Hub, Pub/Sub, or HTTP.
- Deep understanding of the MITRE ATT&CK framework (tactics, techniques and procedures), and familiarity with the Cyber Kill Chain model to map attacker progression.
- Experience in developing, tuning & correlating the detection rules to reduce false positives and enhance detection accuracy
- Strong knowledge of threat intelligence sources (commercial and open source), proficiency in automating alert enrichment using threat intel, and familiarity with the STIX/TAXII standards for intelligence sharing.
- Knowledge of security and compliance frameworks such as PCI-DSS, HIPAA, ISO 27001 and SOX, and of how access controls, logging, monitoring, security and auditing of financial and sensitive data systems support compliance with them.
- Knowledge of information security policies, procedures, standards, best practices and guidelines.
- Hands-on experience with scripting languages such as Python, PowerShell and REST APIs to automate SIEM functions, including data onboarding, rule deployment, enrichment and SOAR integration.
- Proficient in creating dynamic dashboards that clearly display security posture and event trends.
Other Skills
- Knowledge and understanding of project management methodologies, processes, and tools.
- Strong analytical skills and ability to solve complex technical problems with high attention to detail and accuracy.
- Strong team player and ability to work in a challenging and constantly changing environment.
- Ability to multitask and work independently with minimal direction and maximum accountability.
- Proficiency in verbal and written communication skills.
- Proficiency in time management and presentation skills.
- Proficiency in decision-making and problem-solving skills.
Education And Certification
- Bachelor’s degree in computer information systems or related field or equivalent demonstrated experience & knowledge.
- Professional certifications in information security such as Security+, CCSE, CCSP, AZ-900 – AZ-500, TICSA, MCSE, CISSP, etc. would be advantageous.
Your Zeiss Recruiting Team:
Upasana Sinal
September 17, 2025