
Platform Engineer

Location: Melbourne, VIC
Work Type: Full time
Positions: 1 Position
Published At: 14 days ago
Job no: T9AGA

About AARNet

Australia’s Academic and Research Network (AARNet) was established in 1989 and is widely regarded as the founder of the Internet in Australia and renowned as the architect, builder and operator of world-class network infrastructure for research and education. 

We are Australia’s National Research and Education Network (NREN). We connect over one million users—researchers, faculty, staff and students—at institutions across Australia, supporting education and research across a diverse range of disciplines including high energy physics, climate science, genomics, radio astronomy and the arts.

Nationally, AARNet interconnects Australian universities, the CSIRO, and other organisations that have a research and education mission, or with whom the education and research sector interacts. These include hospitals, vocational training providers, schools and museums. Internationally, AARNet interconnects the Australian Research and Education (R & E) community to the world – and continuously develops new capabilities and partnerships to facilitate seamless data access and transfer.

AARNet also offers a suite of supporting applications to our customers. These include network and collaboration services such as Zoom, that enable innovation in the delivery of research and education.

We are an organisation of innovators, doers, and courageous thinkers. We are not constrained by traditional products and solutions and we constantly strive to build the solutions that our customers will need tomorrow – today. If you have the imagination, foresight and drive to build the future why not come and join us?


The Role

The Security Engineer – Platforms is part of the Security Operations Centre (SOC) and is a key driver of the security engineering effort to develop, tune, and implement log source integrations and parsing. This position is responsible for maintaining AARNet’s robust catalogue of parsers, tuning them when required, and assisting with broader User and Entity Behavior Analytics (UEBA) and Security Information and Event Management (SIEM) platform work items.

The candidate will work closely with the SOC Platforms Manager and the broader teams to drive and continuously enhance the platforms that underpin the Alerting and Detection strategy within the SOC, enabling both AARNet and its customers to operate in a safe environment. This role provides an opportunity to learn data engineering in the context of cyber security.

This role is a permanent full time role and we are unable to hire individuals on temporary visas.

Responsibilities

  • Responsible for data ingestion and the building of new parsers to support ongoing SOC use case requirements
  • Collaborate with stakeholders within AARNet to ensure that relevant log sources are parsed and integrated into the Alerting and Detection Strategy
  • Normalise data from log sources into the Elastic Common Schema (ECS)
  • Build CrowdStrike LogScale dashboards to demonstrate new work
  • Collaborate with AARNet internal stakeholders and customers on understanding data sources and use cases – successfully translating requirements into the SOC data management framework
  • Drive strategy towards automated on-boarding of relevant data sources/feeds to enable detection, enrichment, and hunt capabilities across multiple log sources
  • Create integrations with various network and security devices through their log events
  • Develop custom scripts for data enrichment across internal (e.g., CMDB) and external data sources
  • Perform data interpretation, classification and enrichment
  • Manage and support other SOC platforms (e.g., XSOAR, MISP, ELK)

Expertise, experience & qualifications

Must Have

  • Expertise with a centralized logging framework (e.g., LogScale, Splunk, ELK)
  • Experience with regular expressions
  • Strong experience with scripting languages (e.g., Python, Perl, Bash, PowerShell)
  • Experience with a version control system (e.g. Git)

Nice to have

  • Experience integrating internal/external APIs and optimising their usage
  • Good understanding of Cyber security platforms/environments
  • Telecommunications and/or Education & Research industry experience would be advantageous
  • Experience working with large data sets with distributed computing a plus
  • Prior experience working at a Service Provider (SP) or Managed Security Services Provider (MSSP)
  • Familiarity with data schemas (e.g. Elastic Common Schema)
  • Familiarity with Linux and containers
  • Familiarity with a peer review and a CI/CD workflow

Important skills

  • Security oriented and problem solving mindset (like solving puzzles and finding ways into closed systems).
  • High level of attention to detail, revision control, and configuration management practices
  • A passion for “finding evil” and “doing good”
  • Able to translate business concepts into the required technical system based events needed to support objectives
  • Leadership (taking ownership and accountability for designated activities)
  • Collaboration Skills (able to work effectively with others)
  • Communication Skills (including the ability to present to both technical and non-technical audiences)

Published on 16 Apr 2024, 5:22 AM