MITRE ATT&CK /SIEM Engineer Expert QRadar, Splunk, Logs -

Posted 11 October by Salt Search
Easy Apply

Register and upload your CV to apply with just one click

SIEM Engineer Expert (QRadar, Splunk, Logs) - Transformation Project - Brussels

Duration: 6-12 months

Rate: 600 -700 p/d

Remote Working - 1 day onsite per month.

You join SOC as an Expert in SIEM (Security Information and Event Management) engineering.

The sub-function SOC Tier 1 and 2 monitors, collects and analyses security events information from the networks, systems, and critical applications at the Bank, detects and triages unusual or suspicious activity and provides real-time first and second-line security operations management services.

In your role as subject matter expert you are responsible for getting the logs on-boarded in the SIEM, develop and maintain event correlation rules that generate the alerts monitored by the tier 1 function, as well as the runbooks being used by the tier 1.

Additionally you guide and coach your junior team members and guard the use case development and maintenance framework, this includes adhering to standards and keep documentation up to date.

Your primary duties will be :

  • Keep abreast of evolving cyber threats and identifying new and sophisticated methods of detecting them.
  • Interact with customers to gather requirements and ensure the implementation of cyber security solutions.
  • Responsible for the creation of procedures, runbooks, high-level/low-level documentation, implementation of processes and development of staff in relation to SIEM log sources and detection logic.
  • Responsible for security event life-cycle management with event source system administrators/owners, as well as maintaining current operational event flows
  • Responsible for configuration of enterprise security log source types into the SIEM and definition of security event log forwarding into the SIEM.
  • Coach a small team (from a technical perspective); review work outputs and provide quality assurance.
  • Analyses and identifies areas of improvement with existing processes, procedures and documentation.
  • Demonstrates how to use SIEM & Enterprise Security products to both technical/non-technical personnel.
  • Provides expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems.

Qualifications

Technical skills

  • In depth experience in development and maintenance of SIEM use cases
  • Strong knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes
  • Strong knowledge of network security zones, firewall, IDS.
  • Knowledge of Linux and Windows platforms and cloud concepts.
  • Experience administering multiple security technologies (Firewalls, IDS/IPS, SIEM).
  • Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)
  • Excellent English communication skills (written and oral)

Assets

  • QRadar Certified
  • Splunk Certified
  • Any other Security Certifications (e.g. CEH or CISSP)

Soft skills

  • Good security mind set;
  • Sense of urgency and able to apply risk based approach to prioritize work;
  • Strong analytical skills to help define new use cases, statistical correlation rules and analytical monitoring functions
  • A problem solver (you recognize underlying issues and problems, you analyse root causes and define solutions accordingly)
  • Able to work autonomously
  • Motivated to learn new technologies and come up with process improvements and efficiencies
  • A team-focused mentality with ability to work & collaborate effectively in a team environment;
  • Reporting and continuous improvement mindset
  • Project Management skills
  • You have good influencing/persuasion skills, obtaining approval of others with good arguments, appropriate influencing methods and a certain "natural authority" (persuasion)
  • You examine matters from a distance and putting them in a broader context and time perspective (vision)
  • Good leadership and communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills
  • Capability to ensure confidentiality and discretion in performing sensitive tasks
  • At ease in a fast changing environment, flexible and pragmatic, open-minded

Please do share with me the most up to date copy of your CV to

Required skills

  • Transformation
  • Playbook
  • SIEM
  • Qradar
  • Logs
  • SPLUNK
  • Mitre Attack

Reference: 44328862

Bank or payment details should never be provided when applying for a job. For information on how to stay safe in your job search, visit SAFERjobs.

Report this job