About our client
Global technology company that operates in the fields of electrification, automation, and digitalization, providing innovative solutions for industry, infrastructure, transportation, and healthcare
Description
Responsibilities:
- Collaborate with different defense teams (like Security Analysts, Threat Hunting, Incident Response, Data Science, SecDevOps, Threat Intelligence) to help create high quality Threat Detection for IT applications and application logs.
- Identify and onboard relevant log sources and detection components, including both on-premises and Azure-native sources.
- Implement and manage Azure resources and integrations for the ingestion of log sources into Microsoft Sentinel.
- Develop log parsers using Logstash Grok expressions to normalize and enrich data from various sources, with adherence to the Elastic Common Schema (ECS) format.
- Support strategic service planning by advising on best-suited detection and integration technologies, with a focus on Azure-native solutions and scalability.
- Assist in the administration and automation of tools and services within hybrid environments.
- Actively participate in monitoring-driven Incident and Problem Management processes.
- Contribute to internal knowledge creation and the sharing of best practices related to Azure and Sentinel architecture, data ingestion, and automation.
Ideal profile
- Overall experience in security monitoring/security operations center environments (SOCs) and with their underlying processes.
- Good understanding of the cybersecurity landscape, including standards, frameworks, and best practices.
- Strong knowledge of Logstash, including plugin configuration and pipeline optimization.
- Experience onboarding logs from various sources using industry-standard tools and formats (e.g., Syslog, JSON, REST APIs).
- Experience with regular expressions and Grok-based parsing.
- Familiarity with cloud platforms, especially Microsoft Azure, including experience with:
  - Sentinel and Log Analytics / KQL
  - Azure Monitor and integration of Azure Monitor Agent for Linux
  - Designing and implementing infrastructure supporting Sentinel data ingestion (e.g., Event Hubs, Storage Accounts, Key Vault, etc.)
  - Azure-native automation (e.g., Logic Apps & Functions)
  - Deployment of workloads in Azure Container Instances (e.g., Logstash, Python)
  - IaC with Terraform / OpenTofu
Advantages
Benefits & Compensation
- Total package range: 40.000€ to 50.000€ gross annual salary & annual bonus
Benefits:
- Personal insurance
- Meal Allowance
- IT setup budget
- Others