SIEM LogA Tool Manager (NATO) - Belgium

Location City, United Kingdom
Posted 11-June-2020
Description
SIEM / LogA Tool Manager (NATO - SC Required)


**Please note this role is based in Belgium**
Working Location: Mons, Belgium
Language: High proficiency level in English
Security Clearance: NATO Secret / SC
Essential Qualifications/Experience:
Bachelor's Degree in Computer Science combined with a minimum of 2 years' experience as a Security Tool Analyst (STA), Tool Manager or similar position involving technical ICT engineering knowledge; or secondary education plus completed advanced vocational education (leading to a professional qualification or professional accreditation) with a minimum of 4 years' post-related experience
Extensive practical experience with SIEM and Log Aggregation products - e.g. MicroFocus ArcSight and Splunk
Expert-level, hands-on experience of Log Aggregation and SIEM management activities
Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours
Good knowledge of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO
Knowledge of Sourcefire/Snort
Practical hands-on experience in systems and tools administration
Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications
Troubleshooting of Linux and/or Windows infrastructures
Demonstrable ability to work autonomously and proactively, to understand the NCSC chain of command and to follow internal processes
Practical skills in writing bash, python or ansible scripts to automate repetitive tasks and to support Linux system and application administration and troubleshooting
Proficient with SIEM content creation - correlation rules, reports, dashboards
Desirable Qualifications/Experience:
Experience of using and administering security tools such as Sourcefire, Symantec Endpoint Protection, or RSA Security Analytics
Experience in creation/modification of custom parsers or ArcSight FlexConnectors
Understanding the Indicator of Compromise (IOC) concept and experience in integration of Threat Intel feeds and IOCs with SIEM platform
Software engineering including programming and/or scripting knowledge (python, shell scripting, PowerShell)
Prior experience automating interactions between systems using APIs
Industry leading certification in the area of Cybersecurity such as, but not limited to: CISSP, CISM, MCSE/S, CISA, SANS GNSA, SANS GIAC
A solid understanding of Information Security practices relating to the Confidentiality, Integrity and Availability of information (the CIA triad)
Prior experience of working in an international environment comprising both military and civilian elements
Prior experience as a user of SIEM and Log aggregation systems
DUTIES/ROLE:
As Security Information and Event Management (SIEM) / Log Aggregation (LogA) Tool Manager, responsible for supporting Cyber Defence operations and for maintaining and updating the tools' configurations to match the threat environment, specifically within the SIEM / LogA perimeter
Report to the Head, Security Tools Management Section, and collaborate with personnel from the CS Operations Branch, who are the content developers and users of the tools
Work with the staff of Platform and Infrastructure Section for the platform maintenance and support
The SIEM / LogA Tool manager will work with the Security Event Analysts (SEAs) and the Operations and Maintenance (O&M) Service Staff to help tune the security tools for optimum performance, with three main aims:
Ensure logs are properly collected at site level via ArcSight connectors or Splunk forwarders
Ensure that Log Aggregators (LogA) are deployed at remote sites and that key systems are configured to feed them
Ensure the Security Information and Event Management (SIEM) subsystem is operational and sustains a continuous event rate (events per second) from many different sources, such as sensors (NIDPS, FPC, HIDS, antivirus, etc.) and network security devices (firewalls, proxies, etc.), analysing them to identify threats in real time
Install, Configure and admin Cyber Defence associated specialist tools (see below):
Security Information and Event Management (SIEM): Micro Focus ArcSight ESM; Splunk Enterprise Security
Log Aggregation (LogA): Micro Focus ArcSight Loggers, Micro Focus ArcSight Connectors, Splunk Forwarders
Set up a monitoring mechanism (with internal support if needed) in order to detect potential issues immediately......
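The three collection aims and the last duty above reduce to one question the tool manager must answer continuously: which log sources have stopped sending, and which are sending far less than they normally do? A connector or forwarder that dies silently is the most common way a SIEM loses coverage without anyone noticing. The script below is an added example, not code from the posting, NATO or NCSC: it reads one line per event in an assumed `ISO8601Z HOST MESSAGE` format (as a forwarder might emit), counts events per host in fixed windows, and flags each host as silent (nothing received for longer than a threshold) or degraded (current window well below the host's own recent baseline). The host names, thresholds and the sample feed are constructed assumptions.

```python
"""Log-source health check for a SIEM / LogA pipeline.

Added illustration, not code from the posting or from NCSC: given one line per
event in an assumed 'ISO8601Z HOST MESSAGE' format, flag sources that have gone
silent or whose event rate has collapsed relative to their own recent baseline.
"""
from datetime import datetime, timedelta, timezone

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line):
    """Split 'TIMESTAMP HOST MESSAGE' into (aware UTC datetime, host)."""
    ts, host, _msg = line.split(" ", 2)
    return datetime.strptime(ts, TS_FMT).replace(tzinfo=timezone.utc), host


def window_counts(events, now, window, history):
    """Per host, event counts in `history` consecutive windows ending at `now`
    (oldest first). Events outside [now - history*window, now) are ignored."""
    counts = {}
    start = now - window * history
    for ts, host in events:
        if ts < start or ts >= now:
            continue
        idx = (ts - start) // window          # timedelta // timedelta -> int
        counts.setdefault(host, [0] * history)[idx] += 1
    return counts


def check_sources(events, now, window=timedelta(minutes=5), history=6,
                  silence=timedelta(minutes=15), drop_ratio=0.5):
    """Classify each host seen in `events` as 'ok', 'silent' or 'degraded'.

    silent:   nothing received for longer than `silence`
    degraded: current window holds fewer than drop_ratio * mean(previous windows)
    Thresholds are assumed defaults; tune them per source class in practice.
    """
    last_seen = {}
    for ts, host in events:
        if host not in last_seen or ts > last_seen[host]:
            last_seen[host] = ts
    counts = window_counts(events, now, window, history)
    status = {}
    for host, last in last_seen.items():
        if now - last > silence:
            status[host] = "silent"
            continue
        hist = counts.get(host, [0] * history)
        baseline = sum(hist[:-1]) / (history - 1)   # mean of the earlier windows
        if baseline > 0 and hist[-1] < drop_ratio * baseline:
            status[host] = "degraded"
        else:
            status[host] = "ok"
    return status


def constructed_sample(now):
    """Constructed sample feed (not real data): three hosts, 30 minutes of history,
    one event every 75 s, i.e. 4 events per 5-minute window while a host is alive."""
    lines = []

    def emit(host, first_offset, last_offset, step=timedelta(seconds=75)):
        t = now - first_offset
        while t < now - last_offset:
            lines.append(f"{t.strftime(TS_FMT)} {host} heartbeat")
            t += step

    emit("fw-mons-01", timedelta(minutes=30), timedelta(0))             # steady
    emit("proxy-01", timedelta(minutes=30), timedelta(minutes=16))      # stops 16 min ago
    emit("hids-srv-07", timedelta(minutes=30), timedelta(minutes=5))    # steady, then ...
    lines.append(f"{(now - timedelta(seconds=60)).strftime(TS_FMT)} hids-srv-07 heartbeat")  # ... 1 event
    return lines


def run_example():
    now = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
    events = [parse_line(line) for line in constructed_sample(now)]
    return check_sources(events, now)


if __name__ == "__main__":
    for host, state in sorted(run_example().items()):
        print(f"{host:12s} {state}")
```

In production the per-host counts would come from the SIEM or log aggregator itself (a scheduled search over indexed events grouped by reporting device) rather than from raw lines, but the comparison is the same: each source against its own recent rate, not against a global threshold, because a perimeter firewall and an HIDS agent on a rarely used server have very different normal volumes, and a fixed floor would either miss the firewall dropping to a trickle or page constantly on the quiet host.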