Security Engineer - SIEM Detection

Location: Melbourne
Job Type: Full Time

The Role

The Security Engineer is part of the Security Operations Centre (SOC) and is a key driver of the security engineering effort for the SOC Manager to develop, tune and implement threat use cases, log parsers, dashboarding and visualisation for reporting and metric analysis. This position is responsible for developing content within AARNet’s Security Information and Event Management (SIEM) platform to support the cyber security and threat intelligence analysts within the SOC. This role applies expertise in search query optimisation and in building data models, KV stores, dashboards and queries to enable telemetry, detection, alerting and monitoring for cyber security threats.

The candidate will work closely with the SOC Manager and the broader Information Security team to drive and continuously enhance the content that underpins the Alerting and Detection strategy within the SOC, enabling both AARNet and its customers to operate in a safe environment.


Responsibilities

  • Perform data processing and transformation to maximise informational value, including creating integrations with various network and security devices through their log events
  • Communicate and demonstrate the success of data science-based methodologies for internal and external use, translating requirements into actionable content
  • Support the SOC (specifically Security Analysts) in designing, implementing and tuning use cases and workflow content, including ongoing testing and adversary emulation to validate that the associated technique(s) have been detected and alerted on as designed
  • Develop and customise advanced visualisations and dashboards
  • Customise and optimise queries, promote advanced searching, and design creative solutions to complex problems
  • Drive strategy towards automated on-boarding of relevant data sources/feeds to enable detection, enrichment and hunt capabilities across multiple log sources
  • Support the development of automation playbooks for use across multiple customer environments
  • Work with stakeholder teams (e.g. SOC, Customer Support, Customer teams) on developing and managing the backlog of needed orchestrations and automations
  • Develop integrations between the orchestration and automation platform and other information repositories
  • Build orchestration and automation response capabilities (such as playbooks) for the SOC team
  • Work under general guidance, autonomously and with minimal supervision
  • Manage and support SOC platforms


Expertise, experience & qualifications

Must Have:

  • Understanding of machine learning and data mining, including semi-supervised or unsupervised learning, anomaly detection, and graph and network analysis
  • Experience working with large data sets; distributed computing (Map/Reduce, Hadoop, Hive, Apache Spark etc.) a plus
  • Strong knowledge of detection rule creation and content development for alerting, metrics and/or reporting
  • Experience developing security content with regular expressions, correlation, feature extraction, data classification and enrichment to support use case implementation and tuning
  • Strong knowledge of MongoDB, MariaDB and vulnerability management tools such as Tenable and Qualys
  • Experience with scripting languages (e.g. Python, Perl, Bash, PowerShell)
  • Familiarity with cloud/container security and experience developing security content to detect threats across these (and other) technologies
  • Experience integrating a threat intelligence platform (TIP) and IOCs into an alerting and detection strategy
  • Experience integrating internal/external APIs and optimising their usage
  • Telecommunications and/or Education and Research industry experience would be advantageous
  • Open-source systems engineering industry-recognised certifications, such as RHCE or RHCSA, would be advantageous

Nice to have:

  • Good understanding of security threats across multiple platforms/environments (e.g. Windows/*nix/Cloud)
  • Expertise in the Windows operating system and Active Directory
  • Security industry-recognised certifications, such as GSEC, GCIA or GPYC, would be advantageous
  • Prior experience working with a Service Provider (SP) or Managed Security Services Provider (MSSP)


Important skills

  • Security-oriented and problem-solving mindset (like solving puzzles and finding ways into closed systems)
  • High level of attention to detail, revision control and configuration management practices
  • A passion for “finding evil” and “doing good”
  • Able to translate business concepts into the technical, system-based events needed to support objectives
  • Leadership (taking ownership and accountability for designated activities)
  • Collaboration skills (able to work effectively with others)
  • Communication skills (including the ability to present to both technical and non-technical audiences)

Conditions of Employment

AARNet is committed to diversity and providing equal opportunity to all. We’re a great place to work if you want to make a difference. Remuneration will be based on skills and experience and will include an above market superannuation package.