
3480 Security Tools Engineer (SIEM/LogA)

Braine-l'Alleud
WhatJobs
Published on 4 February
Job description

Responsibilities

Required Security Clearance: NATO SECRET

* Management, maintenance and configuration of SIEM/LogA tools:
  o Security Incident Event Management (SIEM) - Splunk Enterprise Security, Micro Focus ArcSight ESM
  o Log Aggregation (LogA) - Splunk Forwarders, Micro Focus ArcSight Loggers and Connectors
* Set up a monitoring mechanism that detects potential issues in real time. Issues may relate to software configuration, delivery of service, loss of log sources, performance issues, HW resources, data parsing, etc.
* Continuously monitor all system components (SIEM, LogA, log sources) and take appropriate actions to resolve detected issues.
* Support project activities related to SIEM/LogA capability; act as a subject matter expert (SME) and point of contact (POC) to facilitate further system development.
* Provide technical support in troubleshooting infrastructure and operational issues and collaborate with other teams for resolution.
* Provide required support and assistance for integration with external tools.
* Ensure that SIEM/LogA specialized applications are installed, configured, and running properly, in line with dependencies with other systems or applications.
* Identify upgrade requirements and areas of improvement to ensure an up-to-date and stable environment. Justify business needs, prepare documentation and propose an implementation plan for the Change Management Board.
* Implement approved changes in coordination with other stakeholders.
* Proactively recommend optimizations to capabilities to provide effective and efficient service operations.
* Review security documentation and provide technical advice when requested.
* Maintain awareness of new technologies, industry standards and best practices; participate in knowledge sharing with SIEM/LogA community and develop solutions efficiently.
* Create technical and/or executive level reports as required.
* Provide SME input for future projects and system expansion.
* Perform other essential duties as assigned.
* Standard working hours, with exceptions for nonstandard hours up to 360 hours annually.
* May exceptionally require work outside standard hours in support of a major Cyber Incident or on a shift system for a limited period due to urgent operational needs.


Qualifications

* NATO Secret security clearance.
* Essential to have a Bachelor's Degree in Computer Science with a minimum of 2 years' experience as Cyber Tools Engineer or similar, or a secondary education plus advanced vocational education with a minimum of 4 years post-related experience.
Mandatory:
* Extensive practical experience with Splunk (deployment, installation, configuration and maintenance).
* Practical experience in designing Splunk-based solutions.
* Knowledge of Splunk Enterprise Security, Phantom and UBA.
* Expert level and prior experience related to SIEM/LogA management activities.
* Ability to analyze and interpret system, security and application logs to diagnose faults and detect abnormal behaviors.
* Practical hands-on experience in systems and tools administration, especially Linux.
* Comprehensive knowledge of computer and network security principles, and vulnerabilities of modern operating systems and applications.
* Proficiency in writing bash, Python or Ansible scripts for task automation and Linux administration.
* Ability to work autonomously and proactively, and to follow internal processes.
* Good written and verbal communication skills to articulate complex issues to diverse audiences.
* Solid understanding of regular expressions.
Desirable:
* Experience with Splunk Enterprise Security, Phantom and UBA.
* Experience with Micro Focus ArcSight.
* Experience with security tools such as Sourcefire, Symantec Endpoint Protection, or RSA Security Analytics.
* Experience in Git and automation technologies (e.g., Ansible).
* Proficiency in SIEM content creation (rules, reports, dashboards).
* Experience in creating/modifying custom parsers or flex connectors.
* Understanding IOC concepts and integration of Threat Intel feeds with SIEM.
* Programming/scripting skills (Python, shell, PowerShell).
* Troubleshooting Linux and Windows infrastructures.
* Knowledge of maintaining a secure enterprise network and security devices (firewalls, proxies, IDS/IPS, HIDS/EPO); familiarity with Sourcefire/Snort.
* Experience automating interactions between systems via APIs.
* Industry certifications (CISSP, CISM, MCSE/S, CISA, SANS GNSA/GIAC).
* Understanding of CIA triad and information security practices.
* Experience working in international environments with military and civilian elements.
* Experience as a user of SIEM and Log aggregation systems.
© 2026 Jobijoba - All rights reserved
