A financial client has a 12-month contract assignment for a Security Analyst with strong experience in SIEM/Splunk in New York, NY.
The client is looking for candidates in NJ/NYC/CT who can commute to work.
Role / Description / Requirements:
This position is for a core team member to supplement the firm's growing cyber security monitoring function. The consultant will join a team currently responsible for:
Improving the service level for security operations and monitoring, primarily by reviewing onboarded applications and infrastructure to ensure logs arrive in the Security Information and Event Management (SIEM) platform for review by SOC analysts.
Interacting with application and infrastructure teams to tune and improve log quality; providing an internal customer-facing service to answer questions from application and infrastructure teams and connecting them with Splunk engineering resources for onboarding.
Configuring pre-installed Splunk universal forwarder agents to forward application data into Splunk, editing Splunk configuration files for data ingestion, and troubleshooting log delivery.
Ensuring data quality by submitting each application to a rigorous log quality analysis through Splunk queries; applying discernment and knowledge of Splunk queries and bringing experience to bear on data analysis.
Helping to define and improve data standards for security and infrastructure logs.
Creating and maintaining system documentation for log onboarding quality and data quality review processes; expanding the use of the Log Quality Review Process and ensuring the reliability of SIEM data for all investigations and forensic work.
Running log review processes, documents, and Splunk queries against known application and infrastructure data sources; reviewing results for garbage data, badly parsed logs, or possible misconfigurations in log reporting; reviewing available logs to confirm there is adequate quantity and content to usefully support security monitoring.
Ensuring security logs are generated, collected, correlated, and monitored.
Developing data dictionaries for log sources to confirm which fields and values are needed or useful for security monitoring.
Reviewing current tooling to identify incremental monitoring opportunities, and communicating needs to the engineering teams that support the SOC.
Engaging in all forms of communication (e.g. phone calls, instant messaging, web page updates) to ensure log onboarding reviews and data quality analyses are efficiently carried out and communicated to the appropriate application managers.
Providing reporting and metrics around log onboarding review by designing and maintaining dashboards for asset owners and management; leveraging existing technologies within the organization to expand the scope of coverage of the log onboarding review team; using that reporting and those metrics to define pass/fail criteria.
Producing training documentation and process documentation.
Recommending then implementing approved program improvements.