- Job no: RXD9N
The Security Engineer is part of the Security Operations Centre (SOC) and is a key driver of security engineering effort for the SOC Engineering Manager, developing, tuning and implementing threat use cases, log source integrations and parsers, and dashboarding and visualisation for reporting and metric analysis. This position is responsible for maintaining AARNet’s User and Entity Behavior Analytics (UEBA) and Security Information and Event Management (SIEM) platforms to support the cyber security and threat intelligence analysts within the SOC. The role applies expertise in search query optimisation and in building data models, dashboards and queries to enable correlation of telemetry, detection, alerting and monitoring for cyber security threats.
The candidate will work closely with the SOC Engineering Manager and the broader Cyber Security team to drive and continuously enhance the platforms that underpin the Alerting and Detection strategy within the SOC, enabling both AARNet and its customers to operate in a safe environment.
- Manage and support User and Entity Behavior Analytics (UEBA) platform
- Manage and support Security Information and Event Management (SIEM) platform
- Create integrations with various network and security devices through their log events.
- Support the SOC (specifically Security Analysts and Threat Intel Analysts) in designing, implementing and tuning use cases
- Develop and customise advanced visualisations and dashboards
- Develop custom scripts for data enrichment across internal (e.g., CMDB) and external data sources
- Customise and optimise queries, promote advanced searching, and design creative solutions to complex problems
- Perform data interpretation, classification and enrichment
- Integrate existing data models and support custom data model development, integration, and acceleration
- Collaborate with stakeholders within AARNet to ensure that products and relevant log sources are integrated into the Alerting and Detection Strategy
- Collaborate with AARNet internal stakeholders and customers to understand data sources and use cases, successfully translating requirements into actionable content
- Drive strategy towards automated on-boarding of relevant data sources/feeds to enable detection, enrichment, and hunt capabilities across multiple log sources
- Support testing through adversary emulation to validate the effectiveness of associated technique(s) by having defined detection and alerting in place (where possible).
- Manage and support other SOC platforms (e.g., XSOAR, MISP, ELK)
Expertise, experience & qualifications
- Experience working with and supporting UEBA and SIEM technologies (e.g., LogRhythm, Exabeam, ELK)
- Expertise on Windows operating systems including Active Directory
- Strong knowledge of creating detection rules and developing content for alerting, metrics and/or reporting using tools such as Kibana and Elastic
- Experience developing security content with regular expressions, correlation, feature extraction, data classification and enrichment to support use case implementation and tuning
- Experience with scripting languages (e.g., Python, Perl, Bash, PowerShell)
- Familiarity with cloud/container security and experience developing security content to detect threats across these (and other) technologies
- Experience integrating threat intelligence platforms (TIPs) and IOCs into an alerting and detection strategy
- Experience integrating internal/external APIs and optimising their usage
- Telecommunications and/or Education & Research industry experience would be advantageous
- Industry-recognised open-source systems engineering certifications, such as RHCE or RHCSA, would be advantageous
Nice to have
- Understanding of machine learning and data mining, including semi-supervised or unsupervised learning, anomaly detection, and graph and network analysis
- Good understanding of security threats across multiple platforms/environments (e.g., Windows/*nix/Cloud)
- Good understanding of MongoDB and of vulnerability management tools such as Tenable or Qualys
- Industry-recognised security certifications, such as GSEC, GCIA or GPYC, would be advantageous
- Experience working with large data sets using distributed computing (Map/Reduce, Hadoop, Hive, Apache Spark etc.) is a plus
- Prior experience working at a service provider (SP) or managed security services provider (MSSP)
- Security-oriented, problem-solving mindset (like solving puzzles and finding ways into closed systems)
- High level of attention to detail, revision control, and configuration management practices
- A passion for “finding evil” and “doing good”
- Able to translate business concepts into the technical, system-based events needed to support objectives
- Leadership (taking ownership and accountability for designated activities)
- Collaboration Skills (able to work effectively with others)
- Communication Skills (including ability to present to both technical and non-technical audiences)
Conditions of employment
AARNet is committed to diversity and providing equal opportunity to all. We’re a great place to work if you want to make a difference.
AARNet provides competitive remuneration and a host of other benefits including:
- 17% superannuation;
- Flexible work options;
- 24 weeks paid Maternity Leave;
- 24 weeks paid Adoption Leave;
- 16 weeks paid Paternity Leave;
- 20 days paid Family & Domestic Violence Leave;
- 2 days Women's Wellness Leave per month;
- 4 weeks paid Death of a Close Family Member Leave;
- 5 days paid Natural Disaster Leave;
- 2 days paid Family Wedding Leave;
- Sector leader in Social Responsibility and Ethics; and
- A company structure that allows your career to grow, with access to leading-edge technologies
- Published on 19 Dec 2022, 10:38 PM