- 50,000-56,000 €/year
- technical consultant
- Esplugues de Llobregat
- IT and Telecom
- our client
Our Client is a team of IT professionals from many countries and diverse backgrounds, each with unique missions and challenges in the biggest health, nutrition and wellness company in the world. They innovate every day through forward-looking technologies to create opportunities for the company's digital challenges with its consumers, customers and at the workplace.
To complete the Cyber Security Operations Centre, we are currently looking for a SIEM Data Engineer.
- your functions
The role of the SIEM Data Engineer is to lead the design, implementation and quality assessment of security data integration into the security analytics platform, contributing to the threat detection use cases and the incident response process of the Cyber SOC.
You will act as the reference person for data on-boarding to the various SIEM and data processing solutions and as the key technical contact for the data source owners, ensuring constant coverage, quality and health of the security-relevant logs. You will be part of a dedicated product team aiming to provide best-in-class cyber threat detection capabilities in order to improve business resilience along the Cyber Kill Chain.
The successful candidate will work closely with other specialized security teams and solution owners to determine asset and threat coverage gaps based on standard threat modeling frameworks such as MITRE ATT&CK or OWASP. You will play an active role supporting the SIEM correlation rules and the data science machine learning models by providing real-time log shipping, streaming, parsing, enrichment and normalization of the data.
A day in the life of...
- Lead the SIEM data source on-boarding activities in collaboration with the managed service provider.
- Act as Single Point of Contact (SPOC) for the data source stakeholders within the SOC, the IT organization or its external providers in order to design and implement the SIEM integration.
- Deploy and configure data feed collectors to support new technologies.
- Develop new parsers, data enrichments and normalization to Common Event Format (CEF) and Splunk Common Information Model (CIM).
- Ensure data quality and identify any gaps in security event collection.
- Take ownership of the security event lifecycle and data flows across all our components, such as log shippers, data stream processor, message bus, SIEM and data lake.
- Support SIEM use case development and production release.
- Develop and deploy our SIEM infrastructure and content leveraging DevOps CI/CD pipelines, Infrastructure as Code, Git repositories, wiki documentation and cloud services.
- Oversee the delivery of administrative operations performed by the third-party provider, including SIEM data feeds and infrastructure health monitoring, health checks, troubleshooting, performance optimization, IT and cloud infrastructure administration, security and costs.
- Participate actively in the cloud modernization and migration of our security monitoring and alerting infrastructure as part of the global IT Journey to Cloud program.
- position requisites
What will make you successful:
- Bachelor's or Master's degree in Computer Science, Information Security or another similar relevant degree (an additional 3 years of experience may be substituted in lieu of a degree)
- 5+ years of proven experience and technical skills in SIEM technologies for large environments (Splunk, ArcSight, Azure Sentinel), with log shippers, log formats and source data for SIEM analysis
- Strong understanding of log collection, streaming, correlation and threat detection
- Expertise with Windows, Linux and UNIX platforms (security or system administration)
- REST API and Syslog familiarity
- Scripting and parsers development (e.g. Python, Regex)
- Proficient in normalization to Common Event Format (CEF) and/or Splunk Common Information Model (CIM)
- Attention to detail, strong analytical skills and efficient problem solving
- Effective communication at different levels of the organization, and in English
- Experience working in a global environment and with virtual teams.
These would be a plus:
- Knowledge of data streaming and message bus technologies (e.g. Cribl LogStream, Kafka, Azure Event Hubs)
- Technical and security knowledge of at least one of the leading Cloud platforms (e.g. Azure, AWS, GCP)
- Experience with DevOps CI/CD pipelines, Git repositories and container technologies
- Relevant technical and industry certifications (e.g. Splunk, ArcSight, Microsoft, SANS, ISC2).
- Education: Degree: Degree in Computer Science and Services
- Languages: English: HIGH
- Skills: windows, azure, siem, devops
- Experience: 3 years
- why with Randstad?
Because we have thousands of job offers on our portal.
Because we work with the best companies, offering you the best jobs.
Because we assure you of all the legal guarantees in your hiring.
Because we guarantee close follow-up after you join, because we want you to be satisfied.
Because we put our advanced technology at your disposal so that you can sign your contracts and access your employment documentation in a single click.
Because we always count on you.
By applying to this offer, you will become part of the Randstad candidate database for future employment opportunities.
Register now and find the job you are looking for!