
3480 Security Tools Engineer (SIEM/LogA)

Braine-l'Alleud
Contact One Communications, Inc.
€80,000 to €100,000 per year
Published on 4 February
Job description

Responsibilities
Required Security Clearance: NATO SECRET

Management, maintenance and configuration of SIEM/LogA tools

Security Incident Event Management (SIEM) - Splunk Enterprise Security, Micro Focus ArcSight ESM

Log Aggregation (LogA) - Splunk Forwarders, Micro Focus ArcSight Loggers and Connectors

Set up a monitoring mechanism that detects potential issues in real time. Issues may relate to software configuration, delivery of service, loss of log sources, performance issues, HW resources, data parsing, etc.

Continuously monitor all system components (SIEM, LogA, log sources) and take appropriate actions to resolve detected issues.

Support project activities related to SIEM/LogA capability; act as a subject matter expert (SME) and point of contact (POC) to facilitate further system development.

Provide technical support in troubleshooting infrastructure and operational issues and collaborate with other teams for resolution.

Provide required support and assistance for integration with external tools.

Ensure that SIEM/LogA specialized applications are installed, configured, and running properly, in line with dependencies with other systems or applications.

Identify upgrade requirements and areas of improvement to ensure an up-to-date and stable environment. Justify business needs, prepare documentation and propose an implementation plan for the Change Management Board.

Implement approved changes in coordination with other stakeholders.

Proactively recommend optimizations to capabilities to provide effective and efficient service operations.

Review security documentation and provide technical advice when requested.

Maintain awareness of new technologies, industry standards and best practices; participate in knowledge sharing with SIEM/LogA community and develop solutions efficiently.

Create technical and/or executive level reports as required.

Provide SME input for future projects and system expansion.

Perform other essential duties as assigned.

Standard working hours, with exceptions for nonstandard hours up to 360 hours annually.

May exceptionally require work outside standard hours in support of a major Cyber Incident or on a shift system for a limited period due to urgent operational needs.

Qualifications

NATO Secret security clearance.

Essential to have a Bachelor's Degree in Computer Science with a minimum of 2 years' experience as Cyber Tools Engineer or similar, or a secondary education plus advanced vocational education with a minimum of 4 years' post-related experience.

Mandatory

Extensive practical experience with Splunk (deployment, installation, configuration and maintenance).

Practical experience in designing Splunk-based solutions.

Knowledge of Splunk Enterprise Security, Phantom and UBA.

Expert level and prior experience related to SIEM/LogA management activities.

Ability to analyze and interpret system, security and application logs to diagnose faults and detect abnormal behaviors.

Practical hands-on experience in systems and tools administration, especially Linux.

Comprehensive knowledge of computer and network security principles, and vulnerabilities of modern operating systems and applications.

Proficiency in writing bash, Python or Ansible scripts for task automation and Linux administration.

Ability to work autonomously and proactively and to follow internal processes.

Good written and verbal communication skills to articulate complex issues to diverse audiences.

Solid understanding of regular expressions.

Desirable

Experience with Splunk Enterprise Security, Phantom and UBA.

Experience with Micro Focus ArcSight.

Experience with security tools such as Sourcefire, Symantec Endpoint Protection, or RSA Security Analytics.

Experience in Git and automation technologies (e.g., Ansible).

Proficiency in SIEM content creation (rules, reports, dashboards).

Experience in creating/modifying custom parsers or flex connectors.

Understanding of IOC concepts and integration of Threat Intel feeds with SIEM.

Programming/scripting skills (Python, shell, PowerShell).

Troubleshooting Linux and Windows infrastructures.

Knowledge of maintaining a secure enterprise network and security devices (firewalls, proxies, IDS/IPS, HIDS/EPO); familiarity with Sourcefire/Snort.

Experience automating interactions between systems via APIs.

Industry certifications (CISSP, CISM, MCSE/S, CISA, SANS GNSA/GIAC).

Understanding of the CIA triad and information security practices.

Experience working in international environments with military and civilian elements.

Experience as a user of SIEM and Log aggregation systems.
