Job Type: Full Time
The Security Engineer is part of the Security Operations Centre (SOC) and is a key driver of security engineering effort for the SOC Manager to develop, tune and implement threat use cases, log parsers, dashboarding and visualization for reporting and metric analysis. This position is responsible for developing content within AARNet’s Security Information and Event Management (SIEM) platform to support the cyber security and threat intelligence analysts within the SOC. This role utilizes expertise in search query optimization, and building data models, KV stores, dashboards, and queries to enable telemetry, detection, alerting, and monitoring for cyber security threats.
The candidate will work closely with the SOC Manager and the broader Information Security team to drive and continuously enhance the content that underpins the Alerting and Detection strategy within the SOC, enabling both AARNet and its customers to operate in a safe environment.
- Perform data processing and transformation to maximise informational value, including creating integrations with various network and security devices through their log events
- Communicate and demonstrate the success of data science-based methodologies for internal and external use, translating requirements into actionable content
- Support the SOC (specifically Security Analysts) in designing, implementing and tuning use cases and workflow content, including ongoing testing and adversary emulation to validate that the associated technique(s) have been detected and alerted on as designed
- Develop and customise advanced visualisations and dashboards
- Customise and optimise queries, promote advanced searching, and design creative solutions to complex problems
- Drive strategy towards automated on-boarding of relevant data sources/feeds to enable detection, enrichment and hunt capabilities across multiple log sources
- Support the development of automation playbooks for use across multiple customer environments
- Work with stakeholder teams (e.g. SOC, Customer Support, Customer teams) on developing and managing the backlog of needed orchestrations and automations
- Develop integrations between the orchestration and automation platform and other information repositories
- Build orchestration and automation response capabilities (such as playbooks) for the SOC team
- Work under general guidance, autonomously and with minimal supervision
- Manage and support SOC platforms
Expertise, experience & qualifications
- Understanding of machine learning and data mining including semi or unsupervised learning, anomaly detection, graph and network analysis
- Experience working with large data sets with distributed computing a plus (Map/Reduce, Hadoop, Hive, Apache Spark etc.)
- Strong knowledge of detection rule creation and content development for alerting, metrics, and/or reporting
- Experience developing security content with regular expressions, correlation, feature extraction, data classification and enrichment to support use case implementation and tuning
- Strong knowledge of MongoDB, MariaDB and vulnerability management tools such as Tenable and Qualys
- Experience with scripting languages (e.g. Python, Perl, Bash, PowerShell)
- Familiarity with cloud/container security and experience developing security content to detect threats across these (and other) technologies
- Experience integrating a threat intelligence platform (TIP) and IOCs into an alerting and detection strategy
- Experience integrating internal/external APIs and optimising their usage
- Telecommunications and/or Education and Research industry experience would be advantageous
- Open source systems engineering industry-recognised certifications would be advantageous, such as RHCE and RHCSA
Nice to have:
- Good understanding of security threats across multiple platforms/environments (e.g., Windows/*nix/Cloud)
- Expertise on Windows Operating system, Active Directory
- Security-related industry-recognised certifications would be advantageous, such as GSEC, GCIA and GPYC
- Prior experience working for a Service Provider (SP) or Managed Security Services Provider (MSSP)
- Security-oriented and problem-solving mindset (likes solving puzzles and finding ways into closed systems)
- High level of attention to detail, revision control, and configuration management practices
- A passion for “finding evil” and “doing good”
- Able to translate business concepts into the technical, system-based events needed to support objectives
- Leadership (taking ownership and accountability for designated activities)
- Collaboration Skills (able to work effectively with others)
- Communication Skills (including ability to present to both technical and non-technical audiences)
Conditions of Employment
AARNet is committed to diversity and providing equal opportunity to all. We’re a great place to work if you want to make a difference. Remuneration will be based on skills and experience and will include an above market superannuation package.