SIEM Engineer Expert – (Splunk engineer for UC migration)

Technology

London Contract / 6 months €0.00 - €700.00 per day

SIEM Engineer Expert – (Splunk engineer for UC migration) – Banking Client – Brussels

Remote working available

6-month contract

Rate: €600 – €700

Role

You join the SOC as an expert in SIEM (Security Information and Event Management) engineering.
In your role as subject matter expert you are responsible for helping the client with the SIEM transformation from QRadar to the Splunk ecosystem. You will be responsible for developing and tuning the correlation searches in Splunk that generate the alerts monitored by the SOC Tier 1 function, as well as the runbooks used by Tier 1.

Additionally, you may guide and coach junior team members and safeguard the use case development and maintenance framework; this includes adhering to standards and keeping documentation up to date.

Your primary duties will be:

  • Analyse the existing use case catalogue and the correlation rules implemented in QRadar.
  • Prepare the migration of correlation rules from QRadar to the Splunk ecosystem.
  • Cooperate with the CTI, SOC and CIRT teams on correlation search development and testing in Splunk.
  • Create Splunk Knowledge Objects to address stakeholders' needs in the context of using Splunk as a security tool.
  • Prepare correlation search tests, conduct the tests and document the evidence showing that each correlation search addresses the scenario described in its use case.
  • Interact with stakeholders to gather use case requirements in the context of log sources and external feeds.
  • Cooperate with the log source onboarding project to ensure correct log source onboarding and log mapping to data models according to Splunk best practices.
  • Be responsible for the creation of procedures, runbooks and high-level/low-level documentation, the implementation of processes and the development of staff in relation to SIEM detection logic.
  • Coach the team (from a technical perspective); review work outputs and provide quality assurance.
  • Analyse and identify areas of improvement in existing processes, procedures and documentation.
  • Demonstrate how to use SIEM and Enterprise Security products to both technical and non-technical personnel.
  • Provide expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems.

Technical skills

  • In-depth experience in the development and maintenance of SIEM use cases
  • Knowledge of how correlation rules in QRadar are built
  • Fluent in Splunk's Search Processing Language (SPL)
  • Excellent knowledge of Splunk Enterprise and Splunk Enterprise Security
  • Sound knowledge of the Splunk Common Information Model (CIM) and log normalisation using Data Models
  • Excellent English communication skills (written and oral)

Assets

  • Splunk Certified Power User (essential)
  • Splunk Enterprise Certified Admin (essential)
  • Splunk Enterprise Security Certified Admin (nice to have)
  • QRadar Certified (nice to have)
  • Any other Security Certifications (e.g. CEH, GIAC, CISSP, OSCP …)

Soft skills

  • Good security mindset
  • Sense of urgency and able to apply a risk-based approach to prioritise work
  • Strong analytical skills to help define new use cases, statistical correlation rules and analytical monitoring functions
  • A problem solver (you recognise underlying issues and problems, analyse root causes and define solutions accordingly)
  • Able to work autonomously
  • Motivated to learn new technologies and come up with process improvements and efficiencies
  • A team-focused mentality with the ability to work and collaborate effectively in a team environment
  • Reporting and continuous improvement mindset
  • Project management skills
  • Good influencing/persuasion skills, obtaining the approval of others with sound arguments, appropriate influencing methods and a certain "natural authority" (persuasion)
  • You examine matters from a distance and put them in a broader context and time perspective (vision)
  • Good leadership and communication skills, whether in the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills
  • Capability to ensure confidentiality and discretion when performing sensitive tasks

At ease in a fast-changing environment; flexible, pragmatic and open-minded.

Please send your most up-to-date CV to eobiechefu@welovesalt.com

Job Information

Job Reference: JO-2111-249011_1637238727
Salary: €0.00 - €700.00 per day
Salary per: day
Job Duration: 6 months
Job Start Date: ASAP
Job Industries: Technology
Job Locations: London
Job Types: Contract
Job Skills: migration, Qradar, SIEM, Splunk, UC
