Logging and Analytics Operations Specialist

We are an outsourcing company that has clients in Europe, USA and Asia. We are seeking Logging and Analytics Operations Specialist to work in one of our valued client offices in London, UK. Our client is a social media video content platform for creating and sharing short lip-sync, comedy, and talent videos and with offices in most EMEA and AMS countries.

Role Overview:

As a direct report to the Logging and Analytics Platform Operations Lead within the Business Operations team, you will be a part of the Security Operations team responsible for Enterprise Defense Operations and Platform Management, Hosting Platform Defense Operations, and Global Security Technology Operations.

As a Logging and Analytics Platform Operations Specialist, you will support the Logging and Analytics Platform Operations Lead and cross functional partners in deploying, integrating, and managing, technologies to support the security and protection of data in accordance with relevant geographical regulations, contractual commitments, and confidentiality requirements.

Responsibilities:

• Determine requirements and deploy logging capabilities across applications, infrastructure, databases, and networks.
• Develop strategy for ingestion and extraction of log data from various sources, including integrations with SIEM.
• Define conditions and logic to identify unauthorized/inappropriate activities and indicators of compromise, including triage and escalation of suspected events.
• Optimize and tune existing correlation rules and alerts to reduce false positives.
• Develop and apply data models to event logs for advanced analytics.
• Support root cause analysis, debugging, and post-mortem analysis of cybersecurity incidents in partnership with other security functions.
• Develop and report metrics on logging capabilities and trends based on analysis.
• Perform analysis of logging and monitoring coverage and onboard new data sources.
• Review and assess utilization of logging and monitoring tooling.
• Develop standard operating procedures and training for each technology.
• Architect and continuously improve the security technology stack, processes, and procedures, support model and cross-function interactions.
• Define and execute (as needed) procedures to validate the effectiveness of the design, deployment, and management of security controls that aim to maintain confidentiality, integrity, and availability of enterprise data assets and technology platforms.
• Handle data ingestion, integration, parsing, correlation, and create dashboards and alerts in SIEM.

Minimum Qualifications:

• Bachelor’s Degree or industry-equivalent work experience in cybersecurity, international security architecture, and/or engineering in a converged security program.
• 3+ years of applicable experience.
• Splunk engineer experience.
• Strong Python scripting.
• Kafka experience.
• SOAR experience.
• Familiarity with Linux.
• High degree of integrity and trustworthiness and the ability to lead and inspire change.
• Demonstrate ability to quickly assimilate new knowledge and remain current on new developments in cybersecurity capabilities and industry knowledge.
• In-depth experience in the following:
• Operating system (OS) hardening
• SIEM, IDS, IPS technologies
• Asset management
• Change management
• Microservice architecture
• Logging, monitoring, and security event management
• Database management and administration

Preferred Qualifications:

• CISSP, SSCP, CAP, CCSP, CISM, CSX-P or applicable experience in the Information Security field.
• Familiarity with source code management tools (e.g., GitHub, Bitbucket).
• Familiarity with securing data across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud Platform).