Cyber SecurityData LogSpecialist
- WorkingLocation: Mons,Belgium
- SecurityClearance: NATOSecret
- Language:High proficiency level inEnglishlanguage
EXPERIENCEANDEDUCATION:
EssentialQualifications/Experience:
1+year of extensive practical experience as Splunk administrator(deployment, installation, configuration andmaintenance)
Extensivehands-on experience in regularexpressions
Extensiveexperience with on-boarding and managing data feeds within a SIEMenvironment. Practical experience in designing solutions to ingestnew data feeds intoSIEM
2+years expert level experience related to SIEM/LogA managementactivities
Demonstrableexperience of analysing and interpreting system, security andapplication logs in order to diagnose faults and spot abnormalbehaviours
Practicalhands-on experience in systems and tools administration, especiallyLinuxenvironment
Comprehensiveknowledge of the principles of computer and communication security,networking, and the vulnerabilities of modern operating systems andapplications
Practicalskills in writing Bash, Python or Ansible scripts to supportrepetitive tasksautomation
Linuxsystem and application administration andtroubleshooting
Abilityto develop clear and concise technical documentation, includingprocedures
DesirableQualifications/Experience:
Extensivepractical experience as Splunk administrator in large enterpriseenvironment (deployment, installation, configuration andmaintenance)
Practicalexperience of Splunk Enterprise security, Phantom andUBA
Practicalexperience (as system administrator) with MicroFocusArcSight
ExperienceinGIT
Hands-onexperience with Ansible as an automationtechnology
Proficientwith SIEM content creation correlation rules, reports,dashboards
Experiencein creation/modification of custom parsers or flexconnectors
Understandingthe Indicator of Compromise (IOC) concept and experience inintegration of Threat Intel feeds and IOCs with SIEMplatform
Softwareengineering including programming and/or scripting knowledge(python, shell scripting,PowerShell)
Priorexperience automating interactions between systems usingAPIs
Asolid understanding of Information Security Practices; relating tothe Confidentiality, Integrity and Availability of information (CIAtriad.)
Priorexperience as a user of SIEM and Log aggregationsystem
ITILService Managementcertifications
Experiencein developing SplunkApplications
Contentmanagement experience in Splunk, especially Enterprise Security andAdvanced Search andReporting
Hands-onexperience with network infrastructure and virtualized environments(preferablyVMWare)
Industryleading certification in the area of Cyber Security such as CISSP,CISM, MCSE/S, CISA, GSNA, SANS GIAC andCFCE
Previousexperience working for Cyber Security related organisations (CERTs,securityoffices)
Previousexperience working in an international environment comprising bothmilitary and civilianelements
DUTIES/ROLE:
Actas the Chief Technician and Subject Matter Expert (SME) for logcollection systems within the Cyber Security Datateam
Themain area of responsibility is managing multiple types, formats andquantities of data feeds to ensure established events and alertsare ingested from various log sources across NATO networks into theNCSC central security loggingplatform
Asthe SME, you will provide advice and technical assistance to otherstakeholders, maintain technical expertise, awareness, anddevelopments in related new technologies, and provide technicalcontributions to any projects related to the log collectionsystems
Managementof data feeds, including but not limitedto:
Ensuringproper receipt of events from differentsources
Correctionof data parsingissues
Keepingan inventory of all log sources from all monitorednetworks
Ensuringall data feeds are monitored in real time and issues areimmediately identified and workedupon
Asthe SME you will be required to coordinate activities with logsource providers at remote sites to ensure that data and logs arereceived into the NCSC central logging platform. In support of thisyou will establish and maintain a defined list of contacts with CISsupport personnel from remotesites
FollowingITIL standards, provide support to Operations and Service Deliverymanagement covering all stages of the log collection systemslifecycle with the emphasis on the log collection aspects (e.g.Service Design, Transition, Operations, Change Management andContinual ServiceImprovement)
Ensurethat log collection systems are installed, configured, andoperating correctly and in line with dependencies with otherssystems or applicationsrequired
Ensurethat all system components are continuously monitored and takeappropriate technical and non-technical actions for solvingdetectedissues
Ensurethat the Log Source Monitoring (Solarwinds or Splunk) solution isoperational and that alerts are generated and actioned upon for anymajor changes inservice
Ensurethat log collection systems operate within any KPIs, as defined inService Level Agreements with NCSCcustomers
Supportthe integration with external tools and provide technicalassistance for any associatedactivities
Proactivelyidentify and propose system improvements to ensure an up-to-dateand stable environment. Justify business needs, preparedocumentation and implementation plan for theChange
ManagementBoard. Implement the approved changes following co-ordination withotherstakeholders
Coordinatewith service delivery managers, end users and other stakeholders insupport of related services; communicate with other NATO entitiesas well as industry partners whererequired
Developand maintain documentation guidelines, standard operatingprocedures, system and service design documents and other relevantdocumentation that support management of the log collectionsystems
Createtechnical level reports as required; organise and deliverpresentations and briefings for variousaudience
No CV Required
How to get there?
Your email job alert is now active!