Linux - SIEM Engineer
AlienVault - Cork, Ireland
APAC 24x7 group since April - previously working for the US market
Assisting customers (SOC Analysts, MSSPs, Security Researchers, IT personnel of large organizations) in the deployment, configuration and troubleshooting of their AlienVault USM appliances deployed in Hyper-V, VMware, AWS or bare metal.
Assist customer with their queries regarding all the open source projects and protocols used by the USM appliance. Not inclusive list: Suricata, Syslog, OpenVas, OSSEC, Nmap, PRADS, Nagios, Netflow, Ansible, Redis, RabbitMQ, MySql, Apache, Postfix, Debian administration.
Creation of custom reporting, threat intelligence directives and policies, Incident response.
Volunteered for creating various scripts using the AlienVault Open Threat Exchange Python SDK and submit Indicators of Compromise (IOCs) obtained across various available sources on the Internet. The IOCs submitted are mostly IP addresses involved in malicious activities and known phishing websites, automated the process for updating with a daily frequency. Top 10 all time contributors to the OTX network (over 50.000 users). 1 million IOCs submitted (and counting).