Mandatory Qualifications:
- Bachelor’s degree in Information Technology (IT) related field
- Three (3) years of Azure Sentinel experience
- Three (3) years of Kusto Query Language experience
- One (1) year of Information Security experience
- High proficiency with Azure Sentinel and Azure Log Analytics.
- Demonstrated background in development of analytics rules, incidents, playbooks, notebooks, workbooks, threat hunting, and KQL queries for data normalization and parsing capabilities within Log Analytics’ data ingestion pipeline.
- Understanding of Security Operation Center tool applications
- Advanced event analysis leveraging Azure Sentinel SIEM
- Solid knowledge of M365 security toolsets
- Expertise in Azure Logic Apps, Microsoft Flow and Power BI
- Advanced incident investigation and response skill set
- Advanced log parsing and analysis skillset
- Proficient in Python, PowerShell, or C#
- Proficient in Linux configuration and common administration tasks
Tasks & Responsibilities:
- Development and training for design, configuration and on-boarding of data sources:
- Specific expertise using KQL query language
- Data drill-down and Custom dashboards
- Provide Threat Intelligence and Hunting templates
- Detection and response for best practices and procedures
- Build and tune alerting scenarios for investigations
- Develop playbooks to execute automatically when an alert is triggered
- Data export of relevant forensic analysis data with data preservation
- Data ingestion and parsing of logs
Monitor:
- Identity Access Management (IAM)
- Application data & performance
- Critical servers and services log data
- Support for ad hoc queries for incident investigation with the ability to query both normalized data and original data collected.
- Event session reconstruction to present the raw data in an understandable way.
- Graphical representation of information and data
- Add additional log data to gain deeper insight into network activities.
- Logic App Notifications and alerts.
- Create and save custom queries, workbooks and templates.
- How to import, save and utilize Sentinel-related code and tools from GitHub.
- Other use cases and best practices that would be of interest.
- Development, training, and implementation of data management and security capabilities:
- Role-based access control to the data
- Encryption of all data within remote collectors/aggregators/analyzers, where such devices are able to be part of the solution.
- Establish retention of logs, events, and access notifications for a period of two (2) years.
- Development and training for alert and alarm (workbook)
- Enable mechanism to set off alerts and alarms when incidents are detected
- Enable third-party ticketing systems integration
- Development and training for remediation (playbook)
- Enable bi-directional communication with network and security devices to enable remediation of defined incidents
Enable the ability:
- To create remediation activities defined by administrators
- To generate automated remediation policies
- To integrate with security technologies and non-security solutions for remediation actions
- Implementation of an approval workflow with a hierarchy of approvals for remediation activities
- Development and training for full audit trails
- Configure the solution to provide full audit trails within the system
- Audit trails must be able to log all access to the system, alerting and alarming actions.
- Enable role-based access controls (RBAC) when able.
- Development and training for data visualization
- Implement best practices when presenting data in a usable format.
- Create and deploy data visualizations for a Security Operations Center shared monitor (or television) overhead data presentation platform.
- Create and deploy custom dashboards.
- Presentation of data using a combination of tools with Power Builder, Microsoft O365, Azure or third-party recommended tools.
- Implementation of big data analytics
- Integrate with purpose-built big data repositories
- Integrate with purpose-built big data security analytics
- The Offeror’s proposed resource will focus primarily on SIEM and SOAR use case development and data collection, primarily utilizing the Azure Sentinel and Azure Log Analytics toolsets.
- Development of SIEM and SOAR use cases and log data collection utilizing the Azure Sentinel and Azure Log Analytics toolsets will be required.
Education:
Bachelor’s degree in Information Technology (IT) related field.