{"id":270072,"date":"2021-10-11T12:47:10","date_gmt":"2021-10-11T10:47:10","guid":{"rendered":"http:\/\/welovesalt.com\/be\/jobs\/%wpbb_job_industry%\/mitre-attck-siem-engineer-expert-qradar-splunk-logs\/"},"modified":"2021-11-25T12:40:06","modified_gmt":"2021-11-25T11:40:06","slug":"mitre-attck-siem-engineer-expert-qradar-splunk-logs-270072","status":"archive","type":"wpbb_job","link":"https:\/\/welovesalt.com\/\/be\/jobs\/technology\/mitre-attck-siem-engineer-expert-qradar-splunk-logs-270072\/","title":{"rendered":"MITRE ATT&amp;CK \/SIEM Engineer Expert (QRadar, Splunk, Logs) &#8211;"},"content":{"rendered":"<p><strong>SIEM Engineer Expert (QRadar, Splunk, Logs) &#8211; Transformation Project  &#8211; Brussels <\/strong><\/p>\n<p><strong>Duration: 6-12 months<\/strong><\/p>\n<p><strong>Rate: 600 -700 p\/d<\/strong><\/p>\n<p><strong>Remote Working &#8211; 1 day onsite per month.<\/strong><\/p>\n<p>You join SOC as an Expert in SIEM (Security Information and Event Management) engineering.<\/p>\n<p>The sub-function SOC Tier 1 and 2 monitors, collects and analyses security events information from the networks, systems, and critical applications at the Bank, detects and triages unusual or suspicious activity and provides real-time first and second-line security operations management services.<\/p>\n<p>In your role as subject matter expert you are responsible for getting the logs on-boarded in the SIEM, develop and maintain event correlation rules that generate the alerts monitored by the tier 1 function, as well as the runbooks being used by the tier 1.<\/p>\n<p>Additionally you guide and coach your junior team members and guard the use case development and maintenance framework, this includes adhering to standards and keep documentation up to date.<\/p>\n<p>Your primary duties will be :<\/p>\n<ul>\n<li>Keep abreast of evolving cyber threats and identifying new and sophisticated methods of detecting them.<\/li>\n<li>Interact with customers to gather requirements and ensure the implementation of cyber security solutions.<\/li>\n<li>Responsible for the creation of procedures, runbooks, high-level\/low-level documentation, implementation of processes and development of staff in relation to SIEM log sources and detection logic.<\/li>\n<li>Responsible for security event life-cycle management with event source system administrators\/owners, as well as maintaining current operational event flows<\/li>\n<li>Responsible for configuration of enterprise security log source types into the SIEM and definition of security event log forwarding into the SIEM.<\/li>\n<li>Coach a small team (from a technical perspective); review work outputs and provide quality assurance.<\/li>\n<li>Analyses and identifies areas of improvement with existing processes, procedures and documentation.<\/li>\n<li>Demonstrates how to use SIEM &amp; Enterprise Security products to both technical\/non-technical personnel.<\/li>\n<li>Provides expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems.<\/li>\n<\/ul>\n<p>Qualifications<\/p>\n<\/p>\n<p>Technical skills<\/p>\n<ul>\n<li>In depth experience in development and maintenance of SIEM use cases<\/li>\n<li>Strong knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes<\/li>\n<li>Strong knowledge of network security zones, firewall, IDS.<\/li>\n<li>Knowledge of Linux and Windows platforms and cloud concepts.<\/li>\n<li>Experience administering multiple security technologies (Firewalls, IDS\/IPS, SIEM).<\/li>\n<li>Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)<\/li>\n<li>Excellent English communication skills (written and oral)<\/li>\n<\/ul>\n<p>Assets<\/p>\n<ul>\n<li>QRadar Certified<\/li>\n<li>Splunk Certified<\/li>\n<li>Any other Security Certifications (e.g. CEH or CISSP)<\/li>\n<\/ul>\n<p>Soft skills<\/p>\n<\/p>\n<ul>\n<li>Good security mind set;<\/li>\n<li>Sense of urgency and able to apply risk based approach to prioritize work;<\/li>\n<li>Strong analytical skills to help define new use cases, statistical correlation rules and analytical monitoring functions<\/li>\n<li>A problem solver (you recognize underlying issues and problems, you analyse root causes and define solutions accordingly)<\/li>\n<li>Able to work autonomously<\/li>\n<li>Motivated to learn new technologies and come up with process improvements and efficiencies<\/li>\n<li>A team-focused mentality with ability to work &amp; collaborate effectively in a team environment;<\/li>\n<li>Reporting and continuous improvement mindset<\/li>\n<li>Project Management skills<\/li>\n<li>You have good influencing\/persuasion skills, obtaining approval of others with good arguments, appropriate influencing methods and a certain &#8220;natural authority&#8221; (persuasion)<\/li>\n<li>You examine matters from a distance and putting them in a broader context and time perspective (vision)<\/li>\n<li>Good leadership and communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills<\/li>\n<li>Capability to ensure confidentiality and discretion in performing sensitive tasks<\/li>\n<li>At ease in a fast changing environment, flexible and pragmatic, open-minded<\/li>\n<\/ul>\n<p>Please do share with me the most up to date copy of your CV to eobiechefu@welovesalt.com<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/counter.adcourier.com\/ZW9iaWVjaGZ1LjQ5MjE1LjEyNDk0QHNhbHQuYXBsaXRyYWsuY29t.gif\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SIEM Engineer Expert (QRadar, Splunk, Logs) &#8211; Transformation Project &#8211; Brussels Duration: 6-12 months Rate: 600 -700 p\/d Remote Working &#8211; 1 day onsite per month. You join SOC as an Expert in SIEM (Security Information and Event Management) engineering. The sub-function SOC Tier 1 and 2 monitors, collects and analyses security events information from&hellip;<\/p>\n","protected":false},"template":"","wpbb_job_industry":[59],"wpbb_job_location":[3],"wpbb_job_type":[2],"wpbb_job_skill":[6842,6875,6874,6087,6089,575,654],"wpbb_job_locationType":[],"acf":[],"_links":{"self":[{"href":"https:\/\/welovesalt.com\/\/be\/wp-json\/wp\/v2\/wpbb_job\/270072"}],"collection":[{"href":"https:\/\/welovesalt.com\/\/be\/wp-json\/wp\/v2\/wpbb_job"}],"about":[{"href":"https:\/\/welovesalt.com\/\/be\/wp-json\/wp\/v2\/types\/wpbb_job"}],"wp:attachment":[{"href":"https:\/\/welovesalt.com\/\/be\/wp-json\/wp\/v2\/media?parent=270072"}],"wp:term":[{"taxonomy":"wpbb_job_industry","embeddable":true,"href":"https:\/\/welovesalt.com\/\/be\/wp-json\/wp\/v2\/wpbb_job_industry?post=270072"},{"taxonomy":"wpbb_job_location","embeddable":true,"href":"https:\/\/welovesalt.com\/\/be\/wp-json\/wp\/v2\/wpbb_job_location?post=270072"},{"taxonomy":"wpbb_job_type","embeddable":true,"href":"https:\/\/welovesalt.com\/\/be\/wp-json\/wp\/v2\/wpbb_job_type?post=270072"},{"taxonomy":"wpbb_job_skill","embeddable":true,"href":"https:\/\/welovesalt.com\/\/be\/wp-json\/wp\/v2\/wpbb_job_skill?post=270072"},{"taxonomy":"wpbb_job_locationType","embeddable":true,"href":"https:\/\/welovesalt.com\/\/be\/wp-json\/wp\/v2\/wpbb_job_locationType?post=270072"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}