C002720 Cyber Security Data - Log Specialist (NS) - FRI 24 Feb
Mons, Wallonia, Belgium
Deadline Date: Friday 24 February 2023
Requirement: Cyber Security Data – Log Specialist
Location: Mons, BE
Full time on-site: Yes
NATO Grade: A/97
Total Scope of the request (hours): 1100
Required Start Date: 1 May 2023
End Contract Date: 31 December 2023
Required Security Clearance: NATO SECRET
Duties & Role:
- Act as the Chief Technician and Subject Matter Expert (SME) for log collection systems within the Cyber Security Data team.
- The main area of responsibility is managing multiple types, formats and quantities of data feeds to ensure established events and alerts are ingested from various log sources across NATO networks into the NCSC central security logging platform.
- As the SME, you will provide advice and technical assistance to other stakeholders, maintain technical expertise in and awareness of developments in related new technologies, and provide technical contributions to any projects related to the log collection systems.
- Management of data feeds, including but not limited to:
  - Ensuring proper receipt of events from different sources
  - Correction of data parsing issues
  - Keeping an inventory of all log sources from all monitored networks
  - Ensuring all data feeds are monitored in real time and issues are immediately identified and worked upon
- As the SME you will be required to coordinate activities with log source providers at remote sites to ensure that data and logs are received into the NCSC central logging platform. In support of this you will establish and maintain a defined list of contacts with CIS support personnel from remote sites.
- Following ITIL standards, provide support to Operations and Service Delivery management covering all stages of the log collection systems lifecycle with the emphasis on the log collection aspects (e.g. Service Design, Transition, Operations, Change Management and Continual Service Improvement).
- Ensure that log collection systems are installed, configured, and operating correctly and in line with dependencies on other systems or applications required.
- Ensure that all system components are continuously monitored and take appropriate technical and non-technical actions for solving detected issues.
- Ensure that the Log Source Monitoring (Solarwinds or Splunk) solution is operational and that alerts are generated and actioned upon for any major changes in service.
- Ensure that log collection systems operate within any KPI's, as defined in Service Level Agreements with NCSC customers.
- Support the integration with external tools and provide technical assistance for any associated activities.
- Proactively identify and propose system improvements to ensure an up-to-date and stable environment. Justify business needs, prepare documentation and an implementation plan for the Change Management Board. Implement the approved changes following coordination with other stakeholders.
- Coordinate with service delivery managers, end users and other stakeholders in support of related services; communicate with other NATO entities as well as industry partners where required.
- Develop and maintain documentation guidelines, standard operating procedures, system and service design documents and other relevant documentation that support management of the log collection systems.
- Create technical-level reports as required; organise and deliver presentations and briefings for various audiences.
- Deputize for higher grade staff, if required.
- Perform other duties as may be required.
Requirements
Skill, Knowledge & Experience:
- The candidate must have a currently active NATO SECRET security clearance.
- At least 1 year of extensive practical experience as Splunk administrator (deployment, installation, configuration and maintenance).
- Extensive hands-on experience with regular expressions.
- Extensive experience with on-boarding and managing data feeds within a SIEM environment. Practical experience in designing solutions to ingest new data feeds into SIEM.
- At least 2 years' expert-level experience related to SIEM/LogA management activities.
- Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours.
- Practical hands-on experience in systems and tools administration, especially Linux environment.
- Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications.
- Practical skills in writing Bash, Python or Ansible scripts to support repetitive tasks automation.
- Linux system and application administration and troubleshooting.
- Ability to develop clear and concise technical documentation, including procedures.
- Demonstrable ability to work autonomously and proactively, to understand the chain of command and to follow internal processes.
- Good communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
Desirable Experience and Education:
- Extensive practical experience as Splunk administrator in large enterprise environment (deployment, installation, configuration and maintenance).
- Practical experience of Splunk Enterprise security, Phantom and UBA.
- Practical experience (as system administrator) with MicroFocus ArcSight.
- Experience with Git
- Hands-on experience with Ansible as an automation technology
- Proficient with SIEM content creation – correlation rules, reports, dashboards
- Experience in creation/modification of custom parsers or flex connectors
- Understanding the Indicator of Compromise (IOC) concept and experience in integration of Threat Intel feeds and IOCs with SIEM platform
- Software engineering including programming and/or scripting knowledge (python, shell scripting, PowerShell).
- Prior experience automating interactions between systems using APIs.
- A solid understanding of information security practices relating to the Confidentiality, Integrity and Availability of information (CIA triad).
- Prior experience as a user of SIEM and Log aggregation systems.
- ITIL Service Management certifications.
- Experience in developing Splunk Applications.
- Content management experience in Splunk, especially Enterprise Security and Advanced Search and Reporting.
- Hands-on experience with network infrastructure and virtualized environments (preferably VMWare).
- Industry leading certification in the area of Cyber Security such as CISSP, CISM, MCSE/S, CISA, GSNA, SANS GIAC and CFCE.
- Previous experience working for Cyber Security related organisations (CERTs, security offices).
- Previous experience working in an international environment comprising both military and civilian elements.