Log Source Engineer (UCF)
CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.
CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.
This individual will operate within the CyberProof Use Case Factory to validate that the appropriate log sources are available for SIEM alert generation.
- Receive Log and Event source requirements from the SIEM Rule Designer and collaborate with Client and Customer Solutions team to ensure the required event sources exist within the customer environment.
- Perform onboarding of log sources into the SIEM system, while ensuring that event logs are secure, parsed and enriched (tagged) correctly to support the development of the security use cases.
- Identify any gaps in log and event sources within the target customer environment and collaborate with the Customer Solutions team to craft a recommendation.
- Test and confirm log ingestion into the SIEM platform.
- Produce all required documentation of the log source connector (e.g. configurations i.e. parser, filtering, tagging and any enrichment if performed at this layer).
- Define requirements for SIEM Log parsers when needed for new log sources and develop parser code.
- Design and create specifications for the log collection and ingestion system for the target SIEM platform (e.g. Syslog server, Syslog-NG, Logstash, ArcSight Logger, etc.).
Must-have skills:
- Regex development
- Azure EventHub/Log Analytics
- Log connector experience (e.g. ArcSight SmartConnector, Splunk, etc.)
- Cloud technologies, including APIs, OAuth, etc.
- XML and JSON
- Fluent in English
- Knowledge of security frameworks, e.g. ISO27000x, NIST, etc.
- Information Security and/or Information Technology industry certification (CISSP, CISA, CISM, GIAC or equivalent) would be desirable but is not essential
- Organized, with a proven ability to prioritize workload, meet deadlines, and use time effectively
- Good interpersonal and communication skills; works effectively as a team player
- Ability to function effectively in a matrix structure
- Strong facilitation, negotiation and conflict resolution skills
- Analytical skills