Job Description

Overview: The qualified candidate(s) will supporting an internal project SOC Core Log Ingestion and responsible to coordinate deployment of SIEM log ingestion packages with both the System Administrator and in collaboration with various Bell business units (BU). The SIEM log ingestion packages are to deploy onto servers and security equipment (ex: packages for windows OS, Linux, Webservers IIS or Apache, etc). Day -to -day responsibilities: - Participate in developing log ingestion packages for Windows OS, Linux and other security equipment's - Provide support to System Admin working in Business Unit for issues related to log ingestion packages - Validate proper reception of logs coming from servers and security equipments - Develop or maintain parsers in SIEM connectors to ensure logs are properly organized and normalized in proper fields - Maintain and develop various usecases consuming logs received from the business, using Arcsight and/or Elastic - Ensure proper documentation, incident response playbook for usecases developed - Ensure proper documentation for packages developed - Participate in various meeting/conference call / project reports and status, etc. Required Skillsets: 1) Advanced experience in coordinating, developing and deploying SIEM log packages 2) Experience using ARCSIGHT & ELK; Advanced use in Elastic, logstash, Kibana 3) Must have advanced Windows OS & Linux security knowledge, meaning: The candidate should know HOW these operating systems function, as a security integrator. Specifically, The contractor must now how to obtain the security log from Windows OS & Linux and know the applicable laws related to security at the Operating System level. 4) Basic Python Scripting is mandatory, as contractor must be able to adjust the scripting at the Operating System level by adding small scripts and have the ability to explain the reason for their scripts Valid certification, accreditation such as SANS CISSP is NOT mandatory