ABAKUS IT-SOLUTIONS - Your IT Comfort Expert!

Mission

As Security Incident and Event Manager (SIEM) / Log Aggregation (LogA) Tool Manager, you will be responsible for supporting Cyber Defence operations, maintaining and updating the tool’s configurations to match the threat environment, specifically for SIEM / LogA perimeter. You will report to the Head, Security Tools Management Section and will collaborate with the personnel from CS Operations Branch as the content developers and users of the tools. You will also work with the staff of Platform and Infrastructure Section for the platform maintenance and support.

Main responsibilities:
Install, Configure and admin Cyber Defence associated specialist tools (see below):

• Security Incident Event Management (SIEM)
• Microfocus ArcSight ESM;
• Splunk Enterprise Security- Log Aggregation (LogA) Micro focus Arcsight Loggers, Microfocus Arcsight Connectors, Splunk Forwarders - Setup a monitoring mechanism in order to immediately detect potential issues.
• To ensure that all NCIRC specialist applications related to SIEM and LogA are installed, configured, and running properly and in line with dependencies with others systems or applications and CSSL needs. Identify upgrade requirements and areas of improvement to ensure an up-to-date and stable environment.
• Justify business needs, prepare documentation and propose implementation plan for the Change Management Board.
• Implement the approved changes following co-ordination with other stakeholders proactively recommend optimizations to capabilities to provide effective and efficient service operations. Review security documentation and provide technical advice, when requested. Maintain awareness of new technologies and developments, industry standards and best practices within the NCSC community for SIEM/LogA tools, participating in knowledge sharing with other analysts and develop solutions efficiently.
• Create technical reports and/or executive level reports as required.
• Provide subject matter expertise and input for any future projects and system expansion

Requested skills

Technical skills

• Bachelor’s Degree in Computer Science combined with a minimum of 2 years’ experience in as Security Tool Analyst (STA), Tool Manager or similar position involving technical ICT Engineering knowledge,
• Extensive practical experience with SIEM and Log Aggregation products
• Expert level and previous experience related to Log Aggregation and SIEM management activities
• Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours.
• Good knowledge of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO. Knowledge of Sourcefire/Snort.
• Practical hands-on experience in systems and tools administration.
• Comprehensive knowledge of the principles of computer and communication security, networking, and the vulnerabilities of modern operating systems and applications.
• Troubleshooting of Linux and/or Windows infrastructures.
• Practical skills in writing bash, python or ansible scripts to support repetitive tasks automation, Linux system and application administration and troubleshooting
• Proficient with SIEM content creation
• Experience of using and administering security tools such as Sourcefire, Symantec, Endpoint Protection, or RSA Security Analytics
• Experience in creation/modification of custom parsers or flex connectors
• Understanding the Indicator of Compromise (IOC) concept and experience in integration of Threat Intel feeds and IOCs with SIEM platform
• Software engineering including programming and/or scripting knowledge (python, shell scripting, PowerShell).
• Prior experience automating interactions between systems using APIs.

Soft Skills

• Current NS security clearance
• A solid understanding of Information Security Practices; relating to the Confidentiality,
• Integrity and Availability of information (CIA triad.)
• Prior experience of working in an international environment comprising both military and civilian elements.
• Prior experience as a user of SIEM and Log aggregation systems
• Knowledge of existing/R&D civilian and military surveillance & reconnaissance systems and technologies
• Able to analyze requirements and manage opposing point of views
• Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams.
• Demonstrable ability to work autonomously and proactively, to understand the NCSC chain of command and to follow internal processes
• Strong listening skills
• Strong English writing and speaking skills
• Real team player and aware of cross-cultural working

Our offering

• The opportunity to have a meaningful job where you can make a difference
• A permanent contract and a new challenge which will certainly give you pleasure and a lot of experience
• A great team to support you and share a lot of knowledge and funny moment
• A personal coaching and the development of your professional and personal skills
• We guarantee remuneration in line with your experience and other extras
• We offer a permanent position and an international working environment