As a Cyber Security Operations Center (CSOC) Architect & Presales Consultant you will be responsible for providing presales technical support to the sales team & presenting tailored demonstrations or qualification discussions to customers and/or prospects. You will also assist the Sales Team with qualifying opportunities – in or out & helping expand existing opportunities through solid questioning & positioning of IBM Security solutions, various Threat Intelligence Platforms & Endpoint Detection & Response. You will be responsible to develop various methodologies for Proof of Concept, Demonstration & Presentation on the supported products & solution.
As a CSOC Architect & Presales Consultant, you will be considered SME for designing and developing customer's Security Analytics, Cyber Security Operations, Automation & Response strategy based on IBM Product portfolio. This includes working as a team member with client personnel to identify functional & non-functional requirements and subsequently working with, or in some instances leading, others in the identification, justification & design of the proposed security solution including specific product requirements, solution design, demos including custom POC. The position requires in-depth expertise and experience in deploying IBM QRadar SIEM, Security Analytics, SOAR, Threat Hunting solutions.
You must have experience as Cyber Security SME for the IBM SOAR Implementations & integration for SOAR activities with other technologies. Must have experience preparing SOAR documents & presentations in such a way that they are easily understood by the appropriate audience. Must have demonstrated personal flexibility & focused delivery to ensure the delivery of quality solutions & increase customer satisfaction.
Only Cyber Security Operations Center (CSOC) Architects having hands-on experience with the products and technologies stated below will be considered.
Must have IBM QRadar SIEM & Resilient SOAR expertise for:
• Multi-Site Implementation
• Integration with different components (SIEM, Ticketing System, Security Devices)
• Deploy & Enable Playbooks /runbooks
• Develop Architecture Diagrams & Documentation
• Knowledge of Different Security controls and mechanisms
• Programming / Scripting in Python or JAVA
• Expertise in writing parsers for IBM QRadar SIEM
• Experience developing integration solutions with web service APIs using REST/JSON.
As a SOC Architect & Presales Consultant you will be responsible for multiple roles such as:
• SOC Solution Architecting (including CSOC solutions like Threat Hunting, Threat Intelligence, EDR, NTA, KB, just to name a few)
• CSOC Solution Sizing
• Developing & responding to RFPs
• Assist the Security Consultants with Presales activities
• Services – CSOC Consulting
• Develop Methodology and SOW for:
o CSOC Maturity Assessment
o CSOC Roadmap & Strategy
o CSOC Governance
• Develop and present CSOC architecture to the end client
• Lead the CSOC project deployment delivery
Other than technical capabilities, the candidate must be capable of the following:
• Conduct analysis using both quantitative and qualitative sources
• Experience conveying technical information to non-technical consumers
• Contribute to and refine technical RFP/RFI responses
• Customer demonstrations and presentations
• Conducting & managing technical validation events (POC)
• Participating in conferences, shows, exhibitions when appropriate and requested
• Experience with networking, network protocols & security infrastructures
• Develop, maintain and brief network maps and link diagrams
• Excellent verbal and written communication skills
• Self-motivated and able to work in an independent manner
• High levels of integrity in the conduct of personal and professional affairs preferred
• A bias toward action, along with an internal drive for continuous improvement preferred
• Willing to go the extra mile & to learn the integrations between multiple security vendors to mitigate security threats.
• Willing to travel at least 40% of the time across GCC Countries
• Strong interpersonal and presentation skills, with ability to articulate complex technology simply.
• Ability to troubleshoot and solve technical problems.
• Ability to effectively multi-task & be able to handle a high volume of requests, specifically unplanned/unscheduled requests.
• Ability to work independently with little or no supervision, and be results oriented.
• Able to execute instructions and to request clarification when needed.
• Able to be sensitive to the needs, concerns, and feelings of others.
• Able to interact effectively with all levels of management
• Strong application and infrastructure knowledge; e.g. Tomcat, PostgreSQL, SAML, IMAP, LDAP, Active Directory, SSO.
• Development Environment knowledge in Linux, bash shell programming, git, gradle, virtual machines and Docker.
• Working knowledge of Networking concepts (firewalls, DNS, IP addressing, SSL/TLS and certificates).
• Bachelor's Degree in Computer Science, Cyber Security, Information Systems or Business Administration, or 10+ years of professional experience in a technical leadership role including at least 8+ years of direct experience in Cyber Security Operations Center Implementation & Operations
• A minimum of one of the following security related certifications: CISSP, OSCP, OSEE, CEH, NIST, GSEC or CompTIA Security+ required
• Excellent written and verbal communication skills, ability to effectively coordinate multiple priorities in a dynamic environment, strong analytical and negotiating skills & excellent organizational and interpersonal skills required
• Knowledgeable in Windows Domain, network and multi-tier application architectures
• Familiar with tools such as Nessus, Burp Suite, Linux, vulnerability management tools
• IPv4/6 and associated security measures
• Security software countermeasures
• Persuasive with details and facts
• Ability to work both independently as well as part of a geographically dispersed integrated team
• Ability to balance multiple priorities in a fast-paced, highly collaborative, frequently changing, and sometimes ambiguous environment
• Expert level knowledge of how to use network management tools and packet captures to resolve operational issues
• Familiarity with industry standard network management tools and common application traffic flow patterns in multi-tiered applications
• A solid understanding of what comprises a scalable, robust, supportable design for CSOC
• Expert knowledge in the following technologies:
o Microsoft Active Directory Services
o TCP/IP Based Networking Principles
o Microsoft / Linux Operating Systems
o Firewalls and Perimeter Security
o Proxies and Load Balancers
o Intrusion Detection and Prevention Systems (IDS/IPS)
Technology Expertise:
• Expert level experience in Operations of a Cyber Security Operations Center is a must (SIEM: IBM QRadar / SOAR: IBM Resilient)
o System Administration & Management procedures
o Log Integration
o Developing & deploying rules for use cases
o Parser development
o Threat Intelligence Feeds integration
o SOC Operations Standard Operating Procedures
o Integration of SIEM with technologies (Email, AD, SNMP, SMTP, Incident Response Platform)
o Reports and dashboards for SOC
o Developing & deploying Playbooks & Runbooks
o SOAR Operations Troubleshooting Procedures
o Integration of SOAR with (SIEM, Email, AD, SNMP, SMTP, Incident Response Platform)
o Reports and dashboards for SOC
o Experience with any other SOAR solution such as Demisto will be an added advantage
• Expert level experience in deployment of any two of the below technologies:
o Threat Hunting
o Incident Forensics
o Endpoint Detection & Response
o Threat Intelligence
o Data Leak Prevention
• Expert knowledge in the following technologies:
o Microsoft Active Directory Services
o TCP/IP Based Networking Principles
o Operating Systems (Microsoft / UNIX / Linux / MacOS)
o Network Systems / Network Security Systems (Firewalls / IPS / IDS, Proxies / Load Balancers / Routers / Switches / Tapping solutions)
