SIEM Engineer

Brussels - Onsite

Description

Calling for a SIEM Engineer to join our client in the FinTech Sector.

We are looking for a SIEM Engineer to help us migrate correlation rules from QRadar to Splunk. You will join the SOC as an expert in SIEM (Security Information and Event Management) engineering.

REMOTE FLEXIBILITY

In your role as subject matter expert, you are responsible for helping Euroclear with its SIEM transformation from QRadar to the Splunk ecosystem. You will be responsible for developing and tuning correlation searches in Splunk that generate the alerts monitored by the SOC Tier 1 function, as well as the runbooks used by Tier 1.

Additionally, you might guide and coach your junior team members and guard the use case development and maintenance framework, which includes adhering to standards and keeping documentation up to date.

Your primary duties will be:

- Analyse the existing use case catalog and correlation rules implemented in QRadar.

- Prepare the migration of correlation rules from QRadar to the Splunk ecosystem.

- Cooperate with the CTI, SOC and CIRT teams on correlation search development and testing in Splunk.

- Create Splunk Knowledge Objects to address stakeholders' needs in the context of using Splunk as a security tool.

- Prepare correlation search tests, conduct them, and document evidence from the test showing that the correlation search addresses the scenario described in the use case.

- Interact with stakeholders to gather requirements about use cases in the context of log sources and external feeds.

- Cooperate with the log source onboarding project to ensure correct log source onboarding and log mapping to data models according to Splunk best practices.

- Be responsible for the creation of procedures, runbooks, high-level/low-level documentation, implementation of processes, and development of staff in relation to SIEM detection logic.

- Coach a team (from a technical perspective); review work outputs and provide quality assurance.

- Analyse and identify areas of improvement in existing processes, procedures, and documentation.

- Demonstrate how to use SIEM & Enterprise Security products to both technical and non-technical personnel.

- Provide expert technical advice and counsel in the design, monitoring, and improvement of SIEM security systems.

Technical skills

  • In-depth experience in the development and maintenance of SIEM use cases
  • Knowledge about how correlation rules in QRadar are built
  • Fluent in Splunk's search processing language (SPL)
  • Excellent knowledge of Splunk Enterprise and Splunk Enterprise Security
  • Sound knowledge about Splunk Common Information Model (CIM) and log normalization using Data Models
  • Excellent English communication skills (written and oral)

Assets

  • Splunk Certified Power User (essential)
  • Splunk Enterprise Certified Admin (essential)
  • Splunk Enterprise Security Certified Admin (nice to have)
  • QRadar Certified (nice to have)
  • Any other security certifications (e.g. CEH, GIAC, CISSP, OSCP)

Please get in touch for further details on this excellent contract opportunity.

Start date
n.a.
From
Endeavour Recruitment
Published at
02.12.2021
Project ID:
2264822
Contract type
Freelance