Security Information Event Managment

RESPONSIBILITIES• Develop and implement automated security solutions for vulnerability scanning, log analysis, and security configuration management.• Design and implement centralized log management systems.• Automate security tasks and manage systems using scripting languages (Python, PowerShell, Bash).• Secure cloud environments (AWS, Azure) through automation and configuration management.• Manage PKI infrastructure, including certificate lifecycle management and key management.• Collaborate with system administrators and stakeholders to enhance security posture.• Stay current on the latest security technologies and automation techniques.• Define security baselines (e.g., CIS benchmarks) for Windows and Linux servers in aviation environments and automate the process of checking and enforcing these baselines using tools like Ansible/Puppet and scripting.SKILLS• Cybersecurity & Automation Expertise: Requires 3-5+ years of progressive cybersecurity engineering experience with a strong focus on systems security, security automation, log management, cloud, and PKI.• Strong Scripting & Automation Skills: Proficiency in scripting languages (Python, PowerShell, Bash) for security automation and system management. Deep experience with automation frameworks (Ansible, Puppet, Chef, Terraform) and CI/CD tools (Jenkins, GitLab CI/CD, Azure DevOps) to build and deploy automated security solutions.• Log Management & SIEM Expertise: Deep understanding of log management principles, technologies, and SIEM solutions (Securonix, Sentinel, Event Hubs, Graylog, Logstash, Fluentd) for log collection, analysis, correlation, and security monitoring.• Cloud & PKI Security Focus: Expertise in cloud security (AWS or Azure), leveraging cloud APIs and security services (AWS Security Hub, Azure Security Center, AWS Lambda, Grafana). Extensive experience with PKI, including certificate lifecycle management, key management, and PKI infrastructure administration.• Security Automation & Tool Integration: Ability to leverage tools like Tanium and Dynatrace (or similar) to automate security tool deployment and configuration in both on-premises and cloud environments.PREFERRED CERTIFICATIONS• CISSP (Certified Information Systems Security Professional)• CCSP (Certified Cloud Security Professional)• CompTIA Security+• AWS Certified Security - Specialty• Microsoft Certified: Azure Security Engineer AssociateTOOLS AND TECHNOLOGIESScripting & Automation:• Scripting Languages: Python, PowerShell, Bash• Automation Frameworks: Ansible, Puppet, Chef, Terraform• CI/CD Tools: Jenkins, GitLab CI/CD, Azure DevOps (for security automation)Cloud Platforms (AWS or Azure Focus):• Cloud APIs & SDKs: (AWS SDK, Azure SDK)• Cloud Security & Monitoring Services: (AWS Security Hub, Azure Security Center, CloudWatch, Azure Monitor)• Data Visualization: Grafana, Kibana or similarLogging & Monitoring (SIEM/Log Management):• SIEM Platforms: (e.g., Securonix, Sentinel, Splunk)• Log Management Tools: (e.g., Graylog, ELK/Elastic Stack, Fluentd)Public Key Infrastructure (PKI):• Certificate Authorities (CA): (e.g., Microsoft AD CS, OpenSSL, HashiCorp Vault)• Key Management Systems (KMS): (e.g., Hardware HSMs, AWS KMS, Azure Key Vault)SURROUNDING TEAM/KEY PROJECTS:• Define security baselines (e.g., CIS benchmarks) for Windows and Linux servers used in aircraft environments, and then automate the process of checking and enforcing these baselines using tools like Ansible/Puppet and scripting.• Automate the collection of security logs from AWS/Azure services relevant to aviation applications, process and normalize those logs, and ingest them into a SIEM (like Azure Sentinel or a cloud-based SIEM). Create automated dashboards and alerts in Grafana or the SIEM based on these logs.• Automate certificate enrollment, renewal, revocation, and monitoring for various aviation services using a Surrounding team/key projects • Define security baselines (e.g., CIS benchmarks) for Windows and Linux servers used in aircraft environments, and then automate the process of checking and enforcing these baselines using tools like Ansible/Puppet and scripting.• Automate the collection of security logs from AWS/Azure services relevant to aviation applications, process and normalize those logs, and ingest them into a SIEM (like Azure Sentinel or a cloud-based SIEM). Create automated dashboards and alerts in Grafana or the SIEM based on these logs.• Automate certificate enrollment, renewal, revocation, and monitoring for various aviation services using a PKI infrastructure (like AD CS or HashiCorp Vault) and scripting/automation tools. This could involve integrating with load balancers, web servers, or application servers.• Automate vulnerability scans of aviation systems (using Nessus or similar), process the scan results, prioritize vulnerabilities based on severity and exploitability, and generate automated reports. Integrate this with a ticketing system or notification system to alert relevant teams for remediation.• Develop scripts or playbooks within the SIEM (or using serverless functions triggered by SIEM alerts) to automatically analyze security events, enrich them with context, perform initial triage, and potentially automate basic incident response actions.Expected annual pay for this role ranges from $100000 to $125000. Based on the position, the role is also eligible for Wipro's standard benefits including a full range of medical and dental benefits options, disability insurance, paid time off (inclusive of sick leave), other paid and unpaid leave options.

Created: 2025-03-02