The qualified candidate(s) will support an internal project “SOC Core Log Ingestion” and be responsible to coordinate and facilitate log ingestion deliverables with both the System Administrator and in collaboration with various business units (BU). The log ingestion packages are to be deployed onto servers and security equipment.
- Participate in developing log ingestion packages for Windows OS, Linux and other security equipment.
- Validate proper reception of logs coming from servers and security equipment.
- Develop and maintain parsers in SIEM connectors to ensure logs are properly formatted and normalized per data schemas.
- Apply foundational security knowledge to ensure that events with security value reach the SOC, while also protecting the infrastructure from being overloaded.
- Ensure proper documentation for packages developed.
- Assist with support handoff to deployment support teams.
- Develop service monitoring capabilities in alerting or visualization formats to ensure SOC log services are in high availability.
- Provide support to various customers for log delivery via service desk.
- Participate in various meetings such as daily stand-ups, project reports and status calls.
- Experience creating and customizing scripts (ex: Python, Ruby, Powershell), as contractor must be able to create and/or work with team to create or adjust scripts related to log acquisition.
- Basic python experience is a must.
- Strong knowledge of monitoring, alerting, telemetry solutions.
- Prometheus/AlertManager, Grafana, Zabbix, Nagios experience an asset.
- Advanced experience in coordinating, developing and deploying SIEM log packages.
- Knowledge in industry standard SIEM platforms.
- 2+ years of hands on experience, preferably either ArcSight or Elastic. Splunk, QRadar, etc is acceptable.
- Exposure to DevOps tools and containerized services platforms. OpenShift experience an asset.
- Experience with log delivery and monitoring in cloud platforms such as AWS, Azure, and Google Cloud an asset.
- Must have advanced Windows & Linux OS security knowledge.
- The candidate must know HOW these operating systems function, as a security integrator.
- Specifically, the contractor must now how to obtain the security logs from Windows & Linux OS distributions.
- Understand and be able to configure log shippers (such as auditbeat, filebeat, winlogbeat).
- Other experience such as Splunk light fowarders is acceptable.
- Valid certification, accreditation such as SANS CISSP is NOT mandatory.
- Showing how your candidate’s experience provides them the ability to perform the functions of the role is mandatory.