Job Type: Full Time
The Security Engineer is part of the Security Operations Centre (SOC) and is a key driver of the security engineering effort for the SOC Manager: developing, tuning and implementing threat use cases, log parsers, dashboarding and visualisation for reporting and metric analysis. This position is responsible for maintaining AARNet’s Security Information and Event Management (SIEM) platforms to support the cyber security and threat intelligence analysts within the SOC. The role applies expertise in search query optimisation and in building data models, KV stores, dashboards and queries to enable correlation of telemetry, detection, alerting and monitoring for cyber security threats.
The candidate will work closely with the SOC Manager and the broader Information Security team to drive and continuously enhance the platforms that underpin the Alerting and Detection Strategy within the SOC, enabling both AARNet and its customers to operate in a safe environment.
- Create integrations with various network and security devices through their log events.
- Support the SOC (specifically Security Analysts, and Threat Intel Analysts) in designing, implementing and tuning use cases
- Develop and customise advanced visualisations and dashboards
- Develop custom scripts for data enrichment across internal (e.g., CMDB) and external data sources
- Customise and optimise queries, promote advanced searching, and design creative solutions to complex problems
- Perform data interpretation, classification and enrichment
- Integrate existing data models and support custom data model development, integration, and acceleration
- Collaborate with stakeholders within AARNet to ensure that products and relevant log sources are integrated into the Alerting and Detection Strategy
- Collaborate with AARNet internal stakeholders and customers to understand data sources and use cases, successfully translating requirements into actionable content
- Drive strategy towards automated on-boarding of relevant data sources/feeds to enable detection, enrichment and hunt capabilities across multiple log sources
- Support adversary emulation testing to validate that the defined detection and alerting actually fires on the emulated technique(s) (where possible)
- Manage and support SOC platforms
Expertise, experience & qualifications
- 3+ years’ experience working with and supporting SIEM technology (e.g., LogRhythm, Exabeam, ELK)
- Expertise on Windows operating systems including Active Directory
- Strong knowledge of detection rule and content development for alerting, metrics and/or reporting
- Experience developing security content with regular expressions, correlation, feature extraction, data classification and enrichment to support use case implementation and tuning
- Strong knowledge of MongoDB, MariaDB, and vulnerability management tools such as Tenable and Qualys
- Experience with scripting languages (e.g., Python, Perl, Bash, PowerShell)
- Familiarity with cloud/container security and experience developing security content to detect threats across these (and other) technologies
- Experience integrating threat intelligence platforms (TIP), IOCs – into an alerting and detection strategy
- Experience integrating internal/external APIs and optimising their usage
- Telecommunications and/or Education & Research industry experience would be advantageous
- Industry-recognised open-source systems engineering certifications, such as RHCE or RHCSA, would be advantageous
Nice to have
- Understanding of machine learning and data mining, including semi-supervised or unsupervised learning, anomaly detection, and graph and network analysis
- Good understanding of security threats across multiple platforms/environments (e.g., Windows/*nix/Cloud)
- Industry-recognised security certifications, such as GSEC, GCIA or GPYC, would be advantageous
- Experience working with large data sets and distributed computing (Map/Reduce, Hadoop, Hive, Apache Spark, etc.) a plus
- Prior experience working at a service provider (SP) or managed security services provider (MSSP)
- Security-oriented, problem-solving mindset (enjoys solving puzzles and finding ways into closed systems)
- High level of attention to detail, revision control, and configuration management practices
- A passion for “finding evil” and “doing good”
- Able to translate business concepts into the technical, system-based events needed to support objectives
- Leadership (taking ownership and accountability for designated activities)
- Collaboration Skills (able to work effectively with others)
- Communication Skills (including ability to present to both technical and non-technical audiences)
Conditions of employment
AARNet is committed to diversity and providing equal opportunity to all. We’re a great place to work if you want to make a difference. Remuneration will be based on skills and experience and will include an above market superannuation package.