Cyber Security Data Log Specialist
17 hours ago
**Cyber Security Data Log Specialist**
- **Working Location**: Mons, Belgium
- **Security Clearance**: NATO Secret
- **Language**: High proficiency level in English
**EXPERIENCE AND EDUCATION**:
**Essential Qualifications/Experience**:
- At least 1 year of extensive practical experience as a Splunk administrator (deployment, installation, configuration and maintenance)
- Extensive hands-on experience with regular expressions
- Extensive experience on-boarding and managing data feeds in a SIEM environment, including practical experience designing solutions to ingest new data feeds into the SIEM
- 2+ years of expert-level experience in SIEM / log aggregation (LogA) management activities
- Practical hands-on experience in systems and tools administration, especially in Linux environments
- Practical skills in writing Bash, Python or Ansible to automate repetitive tasks
- Ability to develop clear and concise technical documentation, including procedures
**Desirable Qualifications/Experience**:
- Extensive practical experience as a Splunk administrator in a large enterprise environment (deployment, installation, configuration and maintenance)
- Practical experience with Splunk Enterprise Security, Phantom (now Splunk SOAR) and UBA
- Practical experience (as a system administrator) with Micro Focus ArcSight
- Experience with Git
- Hands-on experience with Ansible as an automation technology
- Proficient in SIEM content creation: correlation rules, reports, dashboards
- Experience creating or modifying custom parsers or ArcSight FlexConnectors
- Understanding of the Indicator of Compromise (IOC) concept and experience integrating threat intelligence feeds and IOCs with a SIEM platform
- Software engineering, including programming and/or scripting knowledge (Python, shell scripting, PowerShell)
- Prior experience automating interactions between systems using APIs
- A solid understanding of information security practices relating to the confidentiality, integrity and availability of information (the CIA triad)
- Prior experience as a user of a SIEM and log aggregation system
- ITIL Service Management certifications
- Experience developing Splunk applications
- Content management experience in Splunk, especially Enterprise Security and advanced search and reporting
- Hands-on experience with network infrastructure and virtualised environments (preferably VMware)
- Industry-leading certification in cyber security, such as CISSP, CISM, MCSE/S, CISA, GSNA, SANS GIAC or CFCE
- Previous experience working for cyber-security organisations (CERTs, security offices)
- Previous experience working in an international environment comprising both military and civilian elements
**DUTIES/ROLE**:
- Act as the Chief Technician and Subject Matter Expert (SME) for log collection systems within the Cyber Security Data team
- The main area of responsibility is managing multiple types, formats and quantities of data feeds to ensure that the established events and alerts are ingested from log sources across NATO networks into the NCSC central security logging platform
- As the SME, you will provide advice and technical assistance to other stakeholders, maintain technical expertise and awareness of developments in related new technologies, and provide technical contributions to any projects related to the log collection systems
- Management of data feeds, including but not limited to:
  - Ensuring proper receipt of events from the different sources
  - Correcting data parsing issues
  - Keeping an inventory of all log sources from all monitored networks
  - Ensuring all data feeds are monitored in real time and that issues are immediately identified and worked on
- As the SME you will be required to coordinate activities with log source providers at remote sites to ensure that data and logs are received by the NCSC central logging platform. In support of this you will establish and maintain a defined list of contacts with CIS support personnel at remote sites
- Following ITIL standards, provide support to Operations and Service Delivery management covering all stages of the log collection systems lifecycle, with emphasis on the log collection aspects (e.g. Service Design, Transition, Operations, Change Management and Continual Service Improvement)
- Ensure that all system components are continuously monitored and take appropriate technical and non-technical actions to resolve detected issues
- Ensure that the Log Source Monitoring solution (SolarWinds or Splunk) is operational and that alerts are generated and acted upon for any major change in service
- Ensure that log collection systems operate within the KPIs defined in Service Level Agreements with NCSC customers
- Support the integration with external tools and provide technical assistance for any associated activities
- Proactively identify and propose system improvements to ensure an up-to-date and stable environment. Justify business needs, prepare documentation and an implementation plan for t
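The feed-management duties listed above (confirming receipt of events, catching parsing failures, keeping an inventory of log sources, and spotting feeds that go quiet) are the kind of check a log-collection SME typically scripts rather than eyeballs. The following is an added illustration and not code from this posting, from NCSC or from any vendor: it assumes a hypothetical syslog-style line format with an ISO-8601 timestamp, a constructed source inventory with a maximum tolerated gap per source, and a constructed batch of sample lines, one of which is deliberately malformed and one of which comes from a host missing from the inventory.

```python
"""Feed-health check over a constructed batch of log lines (added example).

It demonstrates three of the duties above in one pass:
  * regex parsing of incoming events, with parse failures collected;
  * an inventory of expected sources, so unknown senders are surfaced;
  * per-source freshness, so a feed that has gone silent is flagged.
"""
import re
from datetime import datetime, timedelta, timezone

# Assumed line format (hypothetical, not a specific vendor's):
#   <PRI>ISO-TIMESTAMP HOST PROCESS[PID]: MESSAGE
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2}))\s+"
    r"(?P<host>[\w.-]+)\s+"
    r"(?P<proc>[\w./-]+)(?:\[(?P<pid>\d+)\])?:\s*"
    r"(?P<msg>.*)$"
)

# Constructed inventory: expected source -> maximum tolerated gap in seconds.
INVENTORY = {
    "fw-01.example.net": 300,
    "dc-01.example.net": 600,
    "proxy-01.example.net": 120,
}

# Constructed sample batch (not real data). The fourth line is deliberately in
# a legacy format that the regex does not accept; the third comes from a host
# that is not in the inventory.
SAMPLE_LINES = [
    "<34>2024-05-01T10:00:05Z fw-01.example.net kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.9",
    "<86>2024-05-01T10:02:10Z dc-01.example.net sshd[2211]: Accepted publickey for admin",
    "<86>2024-05-01T10:03:00Z rogue-01.example.net cron[1]: job started",
    "May  1 10:05:00 fw-01 kernel: garbled legacy line",
    "<34>2024-05-01T10:04:30Z fw-01.example.net kernel: DROP IN=eth0 SRC=10.0.0.7 DST=10.0.0.9",
    "<86>2024-05-01T10:06:40Z dc-01.example.net sshd[2213]: Failed password for root",
]


def parse_line(line):
    """Return the captured fields as a dict, or None if the line does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # fromisoformat() on older Pythons does not accept a trailing "Z".
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return rec


def check_feeds(lines, inventory, now):
    """Classify every inventoried source as ok or silent relative to `now`,
    list senders that are not in the inventory, and return the unparsed lines."""
    last_seen = {}
    parse_failures = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            parse_failures.append(line)
            continue
        host = rec["host"]
        if host not in last_seen or rec["ts"] > last_seen[host]:
            last_seen[host] = rec["ts"]

    report = {
        "ok": [],
        "silent": [],
        "unknown": sorted(set(last_seen) - set(inventory)),
        "parse_failures": parse_failures,
    }
    for host, max_gap in inventory.items():
        seen = last_seen.get(host)
        if seen is None or (now - seen) > timedelta(seconds=max_gap):
            report["silent"].append(host)
        else:
            report["ok"].append(host)
    return report


if __name__ == "__main__":
    # Fixed "now" so the constructed batch evaluates the same way every run.
    now = datetime(2024, 5, 1, 10, 7, 0, tzinfo=timezone.utc)
    for key, value in check_feeds(SAMPLE_LINES, INVENTORY, now).items():
        print(f"{key}: {value}")
```

In a real deployment `now` would be the wall clock and the batch would be the last few minutes of events pulled from the collector or a Splunk search; the per-source gap in the inventory is the value that turns "no events" into an actionable alert rather than noise, so it should reflect how chatty each source normally is.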
-
IT Security Specialist
1 week ago
Mons, Belgium - Uni Systems - Full time
At Uni Systems, we are working towards turning digital visions into reality. We are continuously growing and we are looking for an IT Security Specialist to join our UniQue team. What will you be doing in this role? Act as one of the engineers and Subject Matter Expert (SME) for SIEM and Log Collection services within the Cyber Security Data team. Support in...
-
Support in SIEM
17 hours ago
Mons, Belgium - Enterpryze Consulting Ltd. - Full time
**EXPERIENCE AND EDUCATION**: **Essential Qualifications/Experience**: - A good understanding of IT Security - 2+ years of relevant experience and strong technical skills in administering, deploying, installing, configuring and maintaining a large distributed Splunk Enterprise environment - Good programming skills in at least one of these languages:...
-
2632 Cyber Security Technician
2 weeks ago
Mons, Belgium - Contact One Communications, Inc. - Full time
Access control management - Security monitoring - IP crypto configuration management **Duties and Role**: The duties of the individual mainly focus on: - Information Assurance incident management; - 24/7 helpdesk service management; - Management of Secure Management Centres (SMC) including: key management, access control management, security monitoring, IP...
-
Cyber Security Incident Responder
16 hours ago
Mons, Belgium - Enterpryze Consulting Ltd. - Full time
**Working Location**: Mons, Belgium - **Security Clearance**: NATO Secret / SC - **Language**: High proficiency level in English **EXPERIENCE AND EDUCATION**: **Essential Qualifications/Experience**: - Recent practical, hands-on experience of Intrusion Detection and Incident Response (triage, contain, eradicate, recover) in an enterprise-level...
-
Cyber Security Jira Developer 2
16 hours ago
Mons, Belgium - Enterpryze Consulting Ltd. - Full time
**Cyber Security JIRA Developer 2** - **Working Location**: Mons, Belgium - **Security Clearance**: NATO Secret / SC - **Language**: High proficiency level in English **EXPERIENCE AND EDUCATION**: **Essential Qualifications/Experience**: - Expert level in: - Development on the Atlassian Jira Platform - Administration of the Atlassian Jira Platform -...
-
Cyber Security Firewall Support 1
17 hours ago
Mons, Belgium - Enterpryze Consulting Ltd. - Full time
**EXPERIENCE AND EDUCATION**: **Essential Qualifications/Experience**: - Bachelor's degree in Computer Science, Information Technology or a related field, or equivalent experience. - Minimum qualifications required - Official firewall certification (such as PCNSA) - Official network management certification (such as Network+) - Official service management...
-
OVA Analyst - Cyber Security Analyst
2 weeks ago
Mons, Belgium - Enterpryze Consulting Ltd. - Full time
**OVA Analyst - Cyber Security Analyst** - **Working Location**: Mons, Belgium - **Security Clearance**: NATO Secret / SC - **Language**: High proficiency level in English **EXPERIENCE AND EDUCATION**: **Essential Qualifications/Experience**: - Expert level of knowledge in developing vulnerability assessment scan configurations for large networks,...
-
3065 SIEM (Splunk) SME
2 weeks ago
Mons, Belgium - Contact One Communications, Inc. - Full time
SIEM Infrastructure Management - Cybersecurity - Iterative approach using sprints. **Required Security Clearance**: NATO Secret **Scope of Work** The aim of this SOW is to support NCSC with technical expertise specifically related to the operation and maintenance of CYBER SECURITY Support in SIEM (Splunk) infrastructure management and log...
-
Project Manager
2 weeks ago
Mons, Belgium - Vector Synergy - Full time
**Location**: Mons, Belgium **Security Clearance**: NATO Secret **Reference No**: C002220 / Mons **Skills, knowledge, experience required**: - A university degree from a recognised university in Management or a related discipline, equivalent to a Master's degree or higher, supplemented by relevant postgraduate qualifications; - The lack of a university...
-
2024-0272 Support for SIEM
2 weeks ago
Mons, Belgium - EMW - Full time
The candidates submitted in the first round were considered not compliant for the following reasons: The candidate does not have any demonstrated experience acting as one of the engineers and Subject Matter Expert (SME) for SIEM and Log Collection services within the Cyber Security Data team; No clearly demonstrated extensive experience in managing big Splunk...