- Bachelor’s degree in Information Technology (IT) related field
- Three (3) years of Azure Sentinel experience
- Three (3) years of Kusto Query Language experience
- One (1) year of Information Security experience
- High proficiency with Azure Sentinel and Azure Log Analytics.
- Demonstrated background in the development of analytics rules, incidents, playbooks, notebooks, workbooks, threat hunting, and KQL queries for data normalization and parsing within the Log Analytics data ingestion pipeline.
- Understanding of Security Operation Center tool applications
- Advanced event analysis leveraging Azure Sentinel SIEM
- Solid knowledge of M365 security toolsets
- Expertise in Azure Logic Apps, Microsoft Flow and Power BI
- Advanced incident investigation and response skill set
- Advanced log parsing and analysis skillset
- Proficient in Python, PowerShell, or C#
- Proficient in Linux configuration and common administration tasks
Tasks & Responsibilities:
- Development and training for design, configuration and on-boarding of data sources:
- Specific expertise using KQL query language
- Data drill-down and Custom dashboards
- Provide Threat Intelligence and Hunting templates
- Detection and response for best practices and procedures
- Build and tune alerting scenarios for investigations
- Develop playbooks to execute automatically when an alert is triggered
- Data export of relevant forensic analysis data with data preservation
- Data ingestion and parsing of logs
- Identity Access Management (IAM)
- Application data & performance
- Critical servers and services log data
- Support for ad hoc queries for incident investigation with the ability to query both normalized data and original data collected.
- Event session reconstruction to present the raw data in an understandable way.
- Graphical representation of information and data
- Add additional log data to gain deeper insight into network activities.
- Logic App Notifications and alerts.
- Create and save custom queries, workbooks and templates.
- How to import, save and utilize code from the Sentinel GitHub repository and related Sentinel tools.
- Other use cases and best practices that would be of interest.
- Development, training, and implementation of data management and security capabilities:
- Role-based access control to the data
- Encryption of all data within remote collectors/aggregators/analyzers, where such devices are able to be part of the solution.
- Establish retention of logs, events, and access notifications for a period of two (2) years.
- Development and training for alert and alarm (workbook)
- Enable mechanism to set off alerts and alarms when incidents are detected
- Enable third-party ticketing systems integration
- Development and training for remediation (playbook)
- Enable bi-directional communication with network and security devices to enable remediation of defined incidents
Enable the ability:
- To create remediation activities defined by administrators
- To generate automated remediation policies
- To integrate with security technologies and non-security solutions for remediation actions
- Implementation of an approval workflow with a hierarchy of approvals for remediation activities
- Development and training for full audit trails
- Configure the solution to provide full audit trails within the system
- Audit trails must be able to log all access to the system, alerting and alarming actions.
- Enable role-based access controls (RBAC) when able.
- Development and training for data visualization
- Implement best practices when presenting data in a usable format.
- Create and deploy data visualizations for a Security Operations Center shared monitor (or television) overhead data presentation platform.
- Create and deploy custom dashboards.
- Presentation of data using a combination of tools with Power Builder, Microsoft O365, Azure or third-party recommended tools.
- Implementation of big data analytics
- Integrate with purpose-built big data repositories
- Integrate with purpose-built big data security analytics
- The Offeror proposed resource will be focusing primarily on SIEM and SOAR use case development and data collection primarily utilizing the Azure Sentinel and Azure Log Analytics toolsets.
- Development of SIEM and SOAR use cases and log data collection utilizing the Azure Sentinel and Azure Log Analytics toolsets will be required.
To apply for this job email your details to email@example.com