Objective of Job
The Cybersecurity Data Engineer (SIEM Solutions) is an engineer and the interface between our internal platform architecture team and the Cyber Intelligence Response Centre (CIRC). The Data Engineer interprets data and turns raw data into information that offers insights into the security posture of the Client.
Task Description
- Cross-functional work and cooperation in the development of new, and the optimisation of existing, security processes and tools
- Contributing to improved detection of anomalies/attacks and to more efficient processing of security incidents. This position must be able to read and understand system logs and to recognise anomalies that can indicate an attack, by developing and using appropriate searches/use cases
- Analyse connected log sources with regard to their data structure, data format, data fields and their value for security
- Develop parsers for data that is currently parsed incorrectly
- Map data to data models
- Optimise the data structure to increase performance and reduce costs
- Leverage machine learning to identify the correct parsers and data models
- Create data transformation and mapping pipelines per data source
- Set up routing to different log targets
- Define security data models in the ESB and the SIEM, and map data onto the security data models
- Document the implemented data models and pipelines
- Implement data models in the SIEM in cooperation with the SOC
- Push the implemented data models to Git
- Clarify the data models with the use case engineers
- Data optimisation for the cloud SIEM
- Reduce data volume usage in the SIEM solution
- Support the onboarding of further data sources into the SIEM infrastructure
- Act as single point of contact for parsing issues within the SOC
- Handle parsing issues and related incidents together with operations and the SOC
- Develop generic onboarding guidelines for log sources
- Implement/extend parsing for different log source types
- Set up and implement a data retention and deletion concept
- Establish a concept for data replication between the cloud and the data centre (DC)
- Close cooperation with responsible partners such as the CIRC, the Platform Owner and the Platform Lead Architect in the further development of the platform
- Act as the interface between platform operations and demand management
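To make the parsing, data-model mapping, volume-reduction and routing tasks above concrete, here is a small Python pipeline written for this page as an added example; it is not tooling from the Client, the CIRC or any named SIEM vendor. The syslog lines are constructed, the ECS-style field names stand in for whatever security data model the platform actually defines, and the severity thresholds used for routing and dropping are assumptions.

```python
"""Minimal log-onboarding pipeline: parse -> map to data model -> route.

Added example for illustration only. Sample lines, target names, field
names (ECS-style) and routing thresholds are all assumptions.
"""
import re

# RFC 3164 (BSD) syslog: <PRI>Mmm dd hh:mm:ss host app[pid]: message
BSD = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# RFC 5424 syslog: <PRI>1 ts host app procid msgid structured-data message
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[.*?\])+)(?: (?P<msg>.*))?$"
)
# Source-specific enrichment: sshd authentication failures
SSHD_FAIL = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\S+) port (?P<src_port>\d+)"
)

WARNING, DEBUG = 4, 7  # syslog severity codes (assumed routing thresholds)

# Constructed sample input: one sshd failure, one app notice, one debug line,
# and one line that no parser accepts.
SAMPLE_LINES = [
    "<38>Mar 14 10:01:02 bastion01 sshd[2231]: Failed password for invalid user "
    "admin from 203.0.113.5 port 51234 ssh2",
    "<165>1 2024-03-14T10:01:03.000Z app01 myapp 1234 ID47 - cache refreshed",
    "<15>Mar 14 10:01:04 app01 cron[99]: debug: tick",
    "garbage line",
]


def parse_syslog(line):
    """Return the raw fields of a syslog line, or None if it does not parse.

    Unparsed lines are kept aside rather than silently dropped, so that a
    parsing issue shows up as a queue to work on instead of a blind spot.
    """
    m = RFC5424.match(line) or BSD.match(line)
    if not m:
        return None
    raw = m.groupdict()
    pri = int(raw.pop("pri"))
    raw["facility"], raw["severity"] = divmod(pri, 8)  # PRI = facility*8 + severity
    return raw


def map_to_model(raw):
    """Map raw syslog fields onto an ECS-style security data model (assumed)."""
    event = {
        "@timestamp": raw["ts"],
        "host.name": raw["host"],
        "event.provider": raw["app"],
        "log.syslog.facility.code": raw["facility"],
        "log.syslog.severity.code": raw["severity"],
        "message": raw["msg"] or "",
    }
    if raw.get("pid") and raw["pid"].isdigit():  # RFC 5424 uses '-' for "no pid"
        event["process.pid"] = int(raw["pid"])
    m = SSHD_FAIL.search(event["message"])
    if m:  # promote the attack-relevant values to first-class, searchable fields
        event.update({
            "event.category": "authentication",
            "event.outcome": "failure",
            "user.name": m["user"],
            "source.ip": m["src_ip"],
            "source.port": int(m["src_port"]),
        })
    return event


def route(event):
    """Pick a log target for a normalised event; None means drop it."""
    sev = event["log.syslog.severity.code"]
    if sev >= DEBUG:
        return None  # debug noise: not indexed at all, saves SIEM volume
    if "event.category" in event or sev <= WARNING:
        return "siem"  # security-relevant or warning-and-worse: hot SIEM index
    return "archive"  # everything else: cheap storage for retention purposes


def process(lines):
    """Run the full pipeline and return events grouped by target."""
    out = {"siem": [], "archive": [], "unparsed": []}
    for line in lines:
        raw = parse_syslog(line)
        if raw is None:
            out["unparsed"].append(line)
            continue
        target = route(map_to_model(raw))
        if target:
            out[target].append(map_to_model(raw))
    return out


if __name__ == "__main__":
    for target, events in process(SAMPLE_LINES).items():
        print(f"{target}: {len(events)} event(s)")
```

The `unparsed` bucket is the point a parsing single-point-of-contact cares about: its size over time is the cheapest health check for the onboarding of a new log source, and anything landing in it is a parser defect to fix rather than data to quietly lose.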
Qualification
Education & Certifications
Degree from a reputable university, or significant coursework, in Computer Science, Networking, Engineering or another computer-related field of study
Specific Knowledge
- Familiar with REST APIs and Syslog
- Scripting and parser development (e.g. Python, regular expressions)
- Strong understanding of log collection, streaming, correlation and threat detection
The following would be a plus:
- Technical and security knowledge of at least one of the leading Cloud platforms (e.g. Azure, AWS, GCP)
- Experience with DevOps CI/CD Pipelines, Git Repository and Containers technologies
- Relevant technical and industry certifications (e.g. Splunk, ArcSight, Microsoft, SANS, ISC2)
Experience (type of)
- Effective oral and written communication skills
- Good time management, with the ability to cope with tight deadlines and achieve operational objectives
- Self-motivated with the ability to carry out assigned tasks with minimum supervision
- Previous relevant experience working in a security operational/analytical role, ideally within a corporate, military or police environment
- Experience working in a global environment and with virtual teams