Logging and Analytics Operations Specialist

Hylas, London, Contract

HY Legan and Services is an outsourcing company that has clients in Europe, USA and Asia. We are seeking a Logging and Analytics Operations Specialist to work in one of our valued client offices in London, UK. Our client is a social media video content platform for creating and sharing short lip-sync, comedy, and talent videos, with offices in most EMEA and AMS countries.

As a direct report to the Logging and Analytics Platform Operations Lead within the Business Operations team, you will be a part of the Security Operations team responsible for Enterprise Defense Operations and Platform Management, Hosting Platform Defense Operations, and Global Security Technology Operations.

You will also be responsible for supporting the Logging and Analytics Platform Operations Lead and cross-functional partners in deploying, integrating, and managing technologies to support the security and protection of data in accordance with relevant geographical regulations, contractual commitments, and confidentiality requirements.

Responsibilities:
  • Determine requirements and deploy logging capabilities across applications, infrastructure, databases, and networks;
  • Develop strategy for ingestion and extraction of log data from various sources, including integrations with SIEM;
  • Define conditions and logic to identify unauthorized/inappropriate activities and indicators of compromise, including triage and escalation of suspected events;
  • Optimise and tune existing correlation rules and alerts to reduce false positives;
  • Develop and apply data models to event logs for advanced analytics;
  • Support root cause analysis, debugging, post-mortem analysis of cybersecurity incidents in partnership with other security functions;
  • Develop and report metrics on logging capabilities and trends based on analysis;
  • Perform analysis of logging and monitoring coverage and onboard new data sources;
  • Review and assess utilization of logging and monitoring tooling;
  • Develop standard operating procedures and trainings for each technology;
  • Architect and continuously improve security technology stack, process and procedures, support model and cross-function interactions;
  • Define and execute (as needed) procedures to validate the effectiveness of the design, deployment, and management of security controls that aim to maintain confidentiality, integrity, and availability of enterprise data assets and technology platforms;
  • Data ingestion, integration, parsing, correlation, creating dashboards and alerts in SIEM.

Requirements:
  • Bachelor's degree or industry equivalent work experience in cybersecurity, international security architecture, and/or engineering in a converged security program;
  • 3+ years applicable experience;
  • Demonstrated ability to quickly assimilate new knowledge and remain current on new developments in cybersecurity capabilities and industry knowledge;
  • Experience in the following:
      ◦ Splunk engineer experience
      ◦ Elasticsearch engineer experience
      ◦ Strong Python scripting
      ◦ Kafka experience
      ◦ Operating system (OS) hardening
      ◦ IDS, IPS technologies
      ◦ Logging, monitoring, and security event management
      ◦ Database management and administration
      ◦ Threat detection
      ◦ EDR product
      ◦ Network security

Other preferred Qualifications:

  • CISSP, SSCP, CAP, CCSP, CISM, CSX-P or applicable experience in the Information Security field
  • Familiarity with source code management tools (e.g., GitHub, Bitbucket)
  • Familiarity with securing data across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud Platform)