SIEM Data Engineer (Barcelona)

HAYS
Barcelona - Spain 07/07/2021

Job description

On behalf of our client, a major FMCG multinational, we are currently looking for a SIEM Data Engineer to complete the IT Platforms Department of their Global Hub located in Barcelona.

The role of the SIEM Data Engineer is to lead the design, implementation and quality assessment of security data integration into the security analytics platform, contributing to the threat detection use cases and the incident response process of the Cyber SOC.

You will act as the reference person for data on-boarding to the various SIEM and data processing solutions and as the key technical contact for data source owners, ensuring constant coverage, quality and health of the security-relevant logs. You will be part of a dedicated product team aiming to provide best-in-class cyber threat detection capabilities in order to improve Nestlé's business resilience along the Cyber Kill Chain.

The successful candidate will work closely with other specialized security teams and solution owners to determine asset and threat coverage gaps based on standard threat modeling frameworks such as MITRE ATT&CK or OWASP. You will play an active role supporting the SIEM correlation rules and data science machine learning models by providing real-time log shipping, streaming, parsing, enrichment and normalization of the data.

Key responsibilities

- Lead the SIEM data sources on-boarding activities in collaboration with the managed service provider
- Act as Single Point of Contact (SPOC) for data source stakeholders within the SOC, the IT organization or its external providers in order to design and implement the SIEM integration
- Deploy and configure data feed collectors to support new technologies
- Develop new parsers, data enrichments and normalization to Common Event Format (CEF) and the Splunk Common Information Model (CIM)
- Ensure the data quality and identify any gaps in the security event collection
- Take ownership of the security event lifecycle and data flows across all our components, such as log shippers, data stream processor, message bus, SIEM and data lake.
- Support the SIEM use cases development and production release
- Develop and deploy our SIEM infrastructure and content leveraging DevOps CI/CD pipelines, Infrastructure as Code, Git repositories, wiki documentation and cloud services.
- Oversee the delivery of administrative operations performed by the third-party provider, including SIEM data feed and infrastructure health monitoring, health checks, troubleshooting, performance optimization, IT and cloud infrastructure administration, security and costs.
- Participate actively in the Cloud modernization and migration of our security monitoring and alerting infrastructure.


What will make you successful

- Bachelor's or Master's degree in Computer Science, Information Security or another similar relevant degree.
- 5+ years of proven experience and technical skills in SIEM technologies for large environments (Splunk, ArcSight, Azure Sentinel), with log shippers, log formats and source data for SIEM analysis
- Strong understanding of log collection, streaming, correlation and threat detection
- Expertise with Windows, Linux and UNIX platforms (security or system administration)
- REST API and Syslog familiarity
- Scripting and parser development (e.g. Python, regex)
- Proficiency in normalization to Common Event Format (CEF) and/or the Splunk Common Information Model (CIM)
- Attention to detail, strong analytical skills and efficient problem solving
- Experience communicating effectively at different levels of the organization and in English
- Experience working in a global environment and with virtual teams.

Other details of the offer

CVs submitted to this process: 0
