Job Description

Overview: The qualified candidate(s) will support an internal project SOC Core Log Ingestion and responsible to coordinate deployment of SIEM log ingestion packages with both the System Administrator and in collaboration with various Bell business units (BU). The SIEM log ingestion packages are to deploy onto servers and security equipment (ex: packages for windows OS, Linux, Webservers IIS or Apache, etc). Day -to -day responsibilities: - Creation and customization of scripts for log acquisition, parsing and to automate log acquisition - Participate in developing log ingestion packages for Windows OS, Linux and other security equipment's - Provide support to System Admin working in Business Unit for issues related to log ingestion packages - Validate proper reception of logs coming from servers and security equipments - Develop solution to monitor log reception & generate exception report or notification in case of log reception failure - Develop or maintain parsers in SIEM connectors to ensure logs are properly organized and normalized in proper fields - Ensure proper documentation for packages developed - Participate in various meeting/conference call / project reports and status, etc. Required Skillsets: Exposure to DevOps and containerized services platforms. Experience creating and customizing scripts (ex: python, Ruby), as contractor must be able to create and/or work with team of developer to create some scripts, adjust scripts related to log acquisition. Strong knowledge of monitoring, alerting, telemetry solutions. Advanced experience in coordinating, developing and deploying SIEM log packages Very good knowledge in known SIEM, preferrably either ARCSIGHT OR ELK. SPLUNK, QRADAR, etc is acceptable. Must have advanced Windows OS & Linux security knowledge, meaning: The candidate should know HOW these operating systems function, as a security integrator. Specifically, The contractor must now how to obtain the security log from Windows OS & Linux Understand and be able to configure log shippers (such as auditbeat, filebeat) Valid certification, accreditation such as SANS CISSP is NOT mandatory. Showing how the candidate's experience provides them the ability to perform the functions of the role is mandatory.