SIEM Tool Manager

Mons (Arrondissement), Hainaut (BE)
Approx. daily rates in Euros: 400.00-600.00 per day
07 Jan 2021
04 Feb 2021
Clearance Level
Job Type

• Expert knowledge and extensive hands-on experience in O&M and System Administration activities of an Enterprise-wide Security Incident and Event Management (SIEM) based on Splunk Enterprise.
• Demonstrated experience in on-boarding log sources and utilising Regular Expressions for data parsing
• Good knowledge of virtual environment based on VMWare infrastructure.
• Demonstrated experience in using API for data ingestion and tools integration.
• Demonstrated experience in Linux/UNIX Systems administration, preferably with RedHat
• Demonstrated experience in the management and administration of SQL databases.
• Understanding of service delivery management and service lifecycle
• Demonstrated experience in scripting languages
• Professional certifications on Splunk products

A university degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 2 years of specific experience. Exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate's particular abilities or experience that is/are of interest to NCI Agency; that is, at least 10 years extensive and progressive expertise in the duties related to the function of the post.


Desirable Experience and Education:
• Demonstrated experience and good knowledge of Python
• Demonstrated experience in working with the following products (O&M activities): Microfocus ArcSight,RSA Netwitness, Cisco SourceFire, Opentext Encase.
• Previous experience in working in a Cyber Security
• Professional Certification related to Cyber Security fieldNOTE: This role is not a Threat/Malware Analyst however prior experience in such area is considered an additional benefit

Under the direction of Section Head, Security Tools Management Services or a delegated authority, the incumbent will perform duties such as the following:
- Install, deploy, update, maintain, configure and keep in operational conditions the Cyber Defence capabilities as deployed to protect the Resolute Support Mission Operational networks in Afghanistan.
- Support design of related capabilities and expansion of the service
- Provide support to RSM users accessing CD systems such as Splunk and ensure appropriate RBAC is implemented and used for these users.
- In particular, the incumbent will configure, deploy and maintain the event log collection and correlation capability based on Splunk Enterprise
- Manage and administer the underlying infrastructure to support the efficient operation of the Central Management of these capabilities.
- Develop and enhance the existing interfaces and remote data feeds from RSM Cyber Defence capabilities to the NCIRC Security Information and Event Management system or other centrally managed NCIA capabilities.
- Ensure the level of security (Confidentiality, Integrity, and Availability) of the Resolute Support Cyber Defence Capabilities meet or exceed the minimum security requirements defined by NATO security authorities.
- Act as the interface between the Theatre Cyber Defence personnel, the NCIA CISAF project management team and the NCIRC to ensure the provided capabilities are delivering the expected outcome to the stakeholders.
- Act as the Subject Matter Expert (SME) on Resolute Support Cyber Defence capabilities, especially on SIEM and log aggregation aspects.
- Represent the section for change management and service delivery improvement proposals
- Proactively recommend optimisations to Resolute Support CyberDefence capabilities to provide effective and efficient service operations
- Produce metrics to be integrated into wider CSSL or NCIA products that are being delivered up to NATO executive management level and the Theatre.
- Take initiatives in his area of responsibility and support the other objectives of his line manager.

Similar jobs

Similar jobs