Systems Integrator Senior

Montreal, QC, Canada

Job Description

SUMMARY

The qualified candidate(s) will support an internal project, "SOC Core Log Ingestion", and will be responsible for coordinating and facilitating log ingestion deliverables with the System Administrator and in collaboration with various business units. The log ingestion packages are to be deployed onto servers and security equipment.

RESPONSIBILITIES

  • Participate in developing log ingestion packages for Windows, Linux and other security equipment.
  • Validate proper reception of logs coming from servers and security equipment.
  • Develop and maintain parsers in SIEM connectors to ensure logs are properly formatted and normalized according to the data schemas.
  • Apply foundational security knowledge to ensure that events with security value reach the SOC, while also protecting the infrastructure from being overloaded.
  • Ensure proper documentation for the packages developed. Assist with the support handoff to deployment support teams.
  • Develop service monitoring capabilities, as alerts or visualizations, to ensure the SOC log services remain highly available.
  • Provide support to various customers for log delivery via the service desk.
  • Participate in various meetings such as daily stand-ups, project reports and status calls.
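
As an added illustration of the parser and filtering work listed above (example code written for this page, not code from the posting or from the employer's project), the script below takes raw lines from two constructed sources, Linux sshd entries in the /var/log/auth.log syslog format and Windows Security events in the JSON envelope a winlogbeat-style shipper emits, maps both onto one small common schema with ECS-style dotted field names, forwards only categories with security value, and collapses a burst of identical failures into a single counted event so a brute-force attempt reaches the SOC without flooding the pipeline. The field names, the subset of Windows event IDs, and the sample lines are assumptions made for the example.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample input (not real logs): Linux sshd lines in syslog format and
# Windows Security events in a winlogbeat-style JSON envelope. IPs are documentation ranges.
SAMPLE_LINES = [
    "Mar 14 08:21:07 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51532 ssh2",
    "Mar 14 08:21:08 web01 sshd[2312]: Failed password for invalid user admin from 203.0.113.7 port 51540 ssh2",
    "Mar 14 08:21:09 web01 sshd[2314]: Failed password for root from 203.0.113.7 port 51551 ssh2",
    "Mar 14 08:21:12 web01 sshd[2316]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2",
    "Mar 14 08:21:13 web01 systemd[1]: Started Daily apt download activities.",
    json.dumps({"@timestamp": "2024-03-14T08:22:30.000Z", "host": {"name": "DC01"},
                "winlog": {"channel": "Security", "event_id": 4625,
                           "event_data": {"TargetUserName": "jsmith", "IpAddress": "203.0.113.7"}}}),
    json.dumps({"@timestamp": "2024-03-14T08:22:31.000Z", "host": {"name": "DC01"},
                "winlog": {"channel": "System", "event_id": 7036, "event_data": {}}}),
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+)"
)

# Assumed subset of Windows event IDs with security value:
# event_id -> (event.category, event.action, event.outcome)
WINDOWS_EVENTS = {
    4624: ("authentication", "windows_logon", "success"),
    4625: ("authentication", "windows_logon", "failure"),
    4720: ("iam", "windows_user_created", "success"),
}


def parse_linux_syslog(line, year=2024):
    """Map one sshd auth line onto the common schema; None if it is not an sshd auth event."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; a real shipper supplies it, here it is a parameter.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {
        "@timestamp": ts.isoformat(),
        "host.name": m["host"],
        "event.category": "authentication",
        "event.action": "ssh_login",
        "event.outcome": "failure" if m["outcome"] == "Failed" else "success",
        "user.name": m["user"],
        "source.ip": m["ip"],
        "event.count": 1,
    }


def parse_windows_json(line):
    """Map one winlogbeat-style JSON document onto the common schema; None if malformed."""
    try:
        doc = json.loads(line)
        winlog = doc["winlog"]
        category, action, outcome = WINDOWS_EVENTS.get(
            winlog["event_id"], ("other", f"windows_event_{winlog['event_id']}", "unknown"))
        data = winlog.get("event_data", {})
        return {
            "@timestamp": doc["@timestamp"],
            "host.name": doc["host"]["name"],
            "event.category": category,
            "event.action": action,
            "event.outcome": outcome,
            "user.name": data.get("TargetUserName"),
            "source.ip": data.get("IpAddress"),
            "event.count": 1,
        }
    except (ValueError, KeyError, TypeError):
        return None


def parse_line(line, year=2024):
    """Dispatch on shape: JSON envelopes come from the Windows shipper, text lines from syslog."""
    line = line.strip()
    return parse_windows_json(line) if line.startswith("{") else parse_linux_syslog(line, year)


def has_security_value(event):
    """Forward only the categories the SOC consumes; the rest stays in local retention."""
    return event["event.category"] in {"authentication", "iam"}


def normalize_stream(lines, year=2024):
    """Parse, filter, and collapse floods. Repeated failures with the same
    (source.ip, action) are merged into the first such event, whose event.count
    grows, so a password-guessing burst reaches the SOC as one counted record.
    Returns (forwarded_events, dropped_line_count)."""
    forwarded, dropped, open_bursts = [], 0, {}
    for line in lines:
        ev = parse_line(line, year)
        if ev is None or not has_security_value(ev):
            dropped += 1
            continue
        key = (ev["source.ip"], ev["event.action"], ev["event.outcome"])
        if ev["event.outcome"] == "failure" and key in open_bursts:
            open_bursts[key]["event.count"] += 1
            continue
        if ev["event.outcome"] == "failure":
            open_bursts[key] = ev
        forwarded.append(ev)
    return forwarded, dropped


if __name__ == "__main__":
    events, dropped_count = normalize_stream(SAMPLE_LINES)
    for ev in events:
        print(json.dumps(ev))
    print(f"dropped {dropped_count} line(s) with no security value")
```

Run stand-alone, the script forwards three records (the collapsed SSH failure burst with a count of 3, the successful key login, and the Windows 4625) and drops the systemd line and the System-channel event. In a real connector the flood window would be time-bounded and the merged record would also keep the list of user names tried, but the structure (parse to a schema, decide value, bound volume) is the part the parser is responsible for.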
QUALIFICATIONS
  • Experience creating and customizing scripts (e.g. Python, Ruby, PowerShell): the contractor must be able to create, or work with the team to create or adjust, scripts related to log acquisition. Basic Python experience is a must.
  • Strong knowledge of monitoring, alerting and telemetry solutions. Prometheus/Alertmanager, Grafana, Zabbix or Nagios experience is an asset.
  • Advanced experience in coordinating, developing and deploying SIEM log packages.
  • Knowledge of industry-standard SIEM platforms: 2+ years of hands-on experience, preferably with ArcSight or Elastic; Splunk, QRadar, etc. are acceptable.
  • Exposure to DevOps tools and containerized service platforms. OpenShift experience is an asset.
  • Experience with log delivery and monitoring in cloud platforms such as AWS, Azure and Google Cloud is an asset.
  • Must have advanced Windows and Linux OS security knowledge. The candidate must know HOW these operating systems function, as a security integrator; specifically, the contractor must know how to obtain the security logs from Windows and from Linux distributions.
  • Understand and be able to configure log shippers (such as Auditbeat, Filebeat, Winlogbeat). Other experience, such as Splunk light forwarders, is acceptable.
  • A valid certification or accreditation (such as a SANS certification or the CISSP) is NOT mandatory. Showing how the candidate's experience enables them to perform the functions of the role is mandatory.
WHO ARE WE?

We're Ian Martin: a full-service recruiting firm with 60+ years' experience hiring engineering and IT professionals like you.

Ian Martin has a proven track record of contractor success and candidate satisfaction. 98.9% of our contractors are satisfied with their experience and 99.2% of them complete their assignments.

When you apply, you'll have support throughout the entire hiring process: our recruiters will assess your qualifications and put you in touch with jobs and employers that are right for you.


Job Detail

  • Job Id
    JD2070857
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Montreal, QC, Canada
  • Education
    Not mentioned