TECHNICAL LEAD - Fortinet FortiSOAR
Happiest Minds Technologies · Bengaluru, Karnataka, India
Happiest Minds Technologies · Bengaluru, Karnataka, India
**Job Description: FortiSIEM Incident Management and Reporting Specialist** **Job Title** **FortiSIEM Incident Management and Reporting Analyst / Engineer** **Location** Bengaluru / Hybrid / Remote (as applicable) **Experience** 4 to 9 Years **Employment Type** Full-Time **Job Summary** We are seeking a skilled and proactive FortiSIEM Incident Management and Reporting Specialist to support Security Operations Center (SOC) activities, security incident handling, monitoring, alert triaging, and compliance reporting using the FortiSIEM platform. The candidate will be responsible for real-time monitoring, investigation, escalation, incident response coordination, and generation of operational and management reports to enhance the organization?s cybersecurity posture. The ideal candidate should possess hands-on expertise in FortiSIEM administration, event correlation, incident analysis, log management, threat monitoring, and reporting/dashboarding within enterprise environments. **Key Roles and Responsibilities** **Incident Monitoring & Management** - Monitor security events and alerts generated through FortiSIEM dashboards and correlation rules. - Analyze, validate, and triage security incidents based on severity and business impact. - Investigate incidents related to: - Malware - Unauthorized access - Suspicious user activities - Network anomalies - Privilege misuse - Endpoint threats - Firewall/security device violations - Perform root cause analysis (RCA) for identified incidents. - Coordinate with internal IT, network, endpoint, cloud, and application teams for incident resolution. - Escalate critical incidents as per defined SLAs and incident response procedures. - Ensure accurate incident documentation, tracking, closure, and evidence preservation. - Support Major Incident Management (MIM) activities during security breaches. **FortiSIEM Administration & Operations** - Configure and manage FortiSIEM collectors, agents, and connectors. - Fine-tune alert correlation rules to minimize false positives and improve detection accuracy. - Manage log onboarding and integration from: - Firewalls - Servers - Endpoints - Cloud platforms - Active Directory - Network devices - Security solutions - Maintain health and performance of FortiSIEM infrastructure. - Monitor EPS (Events Per Second), system utilization, storage, and retention policies. - Perform troubleshooting for log ingestion and parser-related issues. - Support upgrades, patching, and backup activities for FortiSIEM components. **Reporting & Dashboard Management** - Generate daily, weekly, and monthly incident reports for operational and management stakeholders. - Prepare SOC metrics and KPI dashboards covering: - Incident trends - Threat categories - SLA adherence - Mean Time to Respond (MTTR) - Mean Time to Detect (MTTD) - False positive analysis - Develop customized FortiSIEM dashboards and compliance reports. - Provide audit-ready reports for compliance and regulatory requirements. - Present executive summaries and security posture reports to leadership teams. **Threat Detection & Use Case Management** - Develop and optimize SIEM use cases aligned with organizational security requirements. - Participate in threat hunting and proactive monitoring activities. - Recommend improvements in detection engineering and security monitoring capabilities. - Identify gaps in logging and monitoring coverage. **Compliance & Governance Support** - Support security audits, compliance assessments, and governance initiatives. - Ensure log retention and reporting compliance as per regulatory standards. - Assist in preparation of evidence and incident documentation for audits. - Support implementation of SOC processes, runbooks, and SOPs. **Required Technical Skills** **Mandatory Skills** - Hands-on experience with **FortiSIEM** platform administration and monitoring. - Experience in SOC operations and incident handling. - Strong understanding of: - SIEM concepts - Log management - Security event correlation - Incident response lifecycle - Knowledge of network/security technologies: - Firewalls - IDS/IPS - VPN - Endpoint Security - Windows/Linux logs - Experience with: - Syslog - SNMP - Windows Event Forwarding - REST APIs - Knowledge of cybersecurity frameworks and standards. **Preferred Skills** - Experience in MSSP/SOC environments. - Knowledge of MITRE ATT&CK framework. - Familiarity with Fortinet security products. - Knowledge of scripting languages such as Python or PowerShell for automation/reporting. - Experience integrating third-party tools with SIEM platforms. - Understanding of cloud security monitoring (Azure/AWS/O365). **Educational Qualifications** - Bachelor's degree in computer science, Information Security, IT, or related field. **Preferred Certifications** - Fortinet NSE Certifications - CompTIA Security+ - GCIA / GCIH - ITIL Foundation - CISSP (preferred) **Soft Skills** - Strong analytical and problem-solving skills. - Excellent communication and stakeholder management abilities. - Ability to work in rotational shifts / 24x7 SOC environment. - Strong documentation and reporting skills. - Ability to manage critical incidents under pressure.