We are seeking a highly skilled Data Engineer (SIEM Solutions) with hands-on experience in cybersecurity. The ideal candidate will have a strong background in application support and a solid understanding of business processes within a fast-paced, technology-driven environment. If you are keen to apply for the role, please share your updated resume with ajit.shaw@innovasolutions.com
Task Description
1. Cross-functional work and cooperation in the development of new and optimization of existing security processes and tools
Leading to improved detection of anomalies/attacks and optimized processing of security incidents. This position must be able to read and understand log systems and to recognize anomalies that can indicate an attack, by developing and using appropriate searches/use cases
Analyse connected log sources with respect to their data structure, data format, data fields and their value for security
Develop parsers for incorrectly parsed data
Map data to data models
Optimize the Data Structure to increase performance and reduce costs
Leverage machine learning to identify the correct parsers and data models
Create Data Transformation and mapping Pipelines per Data source
Set up routing to different log targets
Define security data models in ESB and SIEM, and map log sources to those security data models
Documentation of the implemented Data Models and pipeline
Implement Data Model in SIEM in cooperation with the SOC
Push the implemented data models to Git
Clarify the Data models with the Use Case Engineers
Data optimization for Cloud SIEM
Reduce Data volume usage in SIEM Solution
Support in the further connection of new data sources in the SIEM Infrastructure
2. Act as Single Point of Contact for Parsing issues within SOC
Able to handle parsing-issue incidents together with operations and the SOC
3. Develop generic Onboarding Guidelines for log sources
Implement/extend parsing for different log source types
4. Set up and implement a data retention and deletion concept
Establish Concept for Data Replication between Cloud and DC
5. Close cooperation with responsible partners such as CIRC, Platform Owner and Platform Lead Architect in the further development of the platform
Act as an interface between platform operation and the demand management
Qualification
Education & Certifications
Degree from a reputable university or significant course work in Computer Science, Networking, engineering or other computer-related fields of study
Specific Knowledge
Familiar with REST API and Syslog
Scripting and parser development (e.g. Python, regex)
Strong understanding of log collection, streaming, correlation and threat detection
These would be a plus:
Technical and security knowledge of at least one of the leading Cloud platforms (e.g. Azure, AWS, GCP)
Experience with DevOps CI/CD Pipelines, Git Repository and Containers technologies
Relevant technical and industry certifications (e.g. Splunk, ArcSight, Microsoft, SANS, ISC2)
Experience (type of)
Effective oral and written communication skills
Good timekeeping and the ability to cope with tight deadlines and achieve operational objectives
Self-motivated with the ability to carry out assigned tasks with minimum supervision
Previous relevant experience working in a security operational/analytical role, ideally within a corporate, military, or police environment
Experience working in a global environment and with virtual teams