Overview: The qualified candidate(s) will support an internal project "SOC Core Log Ingestion” and responsible to coordinate deployment of SIEM log ingestion packages with both the System Administrator and in collaboration with various Business Units (BU). The SIEM log ingestion packages are to deploy onto servers and security equipment (ex: packages for windows OS, Linux, Webservers IIS or Apache, etc).
Day -to -day responsibilities:
Participate in developing log ingestion packages for Windows OS, Linux and other security equipment's
Provide support to System Admin working in Business Unit for issues related to log ingestion packages
Validate proper reception of logs coming from servers and security equipments
Develop or maintain parsers in SIEM connectors to ensure logs are properly organized and normalized in proper fields
Maintain and develop various usecases consuming logs received from the business, using Arcsight and/or Elastic
Ensure proper documentation, incident response playbook for usecases
developed
Ensure proper documentation for packages developed
Participate in various meeting/conference call / project reports and status, etc.
Required Skillsets:
Exposure to DevOps and containerized services platforms.
Experience creating and customizing scripts (ex: python, Ruby), as contractor must be able to create and/or work with team of developer to create some scripts, adjust scripts related to log acquisition.
Strong knowledge of monitoring, alerting, telemetry solutions
Advanced experience in coordinating, developing and deploying SIEM log
packages
Expert knowledge in known SIEM, preferrably either ARCSIGHT OR ELK. SPLUNK, QRADAR, etc is acceptable.
Must have advanced Windows OS & Linux security knowledge, meaning: The candidate should know HOW these operating systems function, as a security integrator. Specifically, The contractor must now how to obtain the security log from Windows OS & Linux
Basic Python Scripting is mandatory, as contractor must be able to create and/or work with team of developer to create some scripts, adjust scripts related to log acquisition.
Understand and be able to configure log shippers (such as auditbeat, filebeat)
**Valid certification, accreditation such as SANS CISSP is NOT mandatory. Showing how your candidate's experience provides them the ability to perform the functions of the role is mandatory.
