Security Monitoring Platform Engineer – Banking – Brussels

Security Monitoring Platform Engineer – Banking Client – Brussels

€600 – €700 per day

Duration: 6 – 12 months

The Global Security department supports IT and Business Units to develop adequate solutions in Information Security and Risk Management practices.

The mission of GS is:

to enable sound and formal information security risk decision making by management, and to help management with implementing a proper information security management system.

Information Security Strategy of GS commits to deliver upon four objectives:

1) enable the extended enterprise;

2) Counter cybercrime;

3) Protect our information systems;

4) Manage security risks.

Consequently, the vision of the “GS Cyber Defence’ team is to support Counter cybercrime objective by demonstrably ‘best in class’ preparation and response to unauthorised cyber activity.

JOB/ROLE Description

The Security Monitoring Platform engineer is a Security Specialist and is responsible for supporting the Cyber Defence team by sustaining the core Security Monitoring infrastructure on a day-to-day basis. Further to this he is also involved in providing expert assistance for in-depth analysis of security alerts generated by correlating logs from multiple technologies. An engineer also contributes towards providing enhanced visibility to the security posture of Group’s IT infrastructure.

His responsibilities include:

Platform Engineering

• Maintain solution architecture in line with business requirements and suggest improvements.
• Full operational responsibility for the ArcSight Event Correlation System and other systems for which the Cyber Defence team has operational responsibility. This includes, but is not limited to ArcSight ESM, Splunk, Microsoft ATA, EDR, DLP, SIEM build on ELK stack, Oracle Database, Connector Interfaces, Logger Appliances, Windows and Linux servers, Network Appliance Storage, and Backups.
• Develop & manage ‘Detection Use Cases’.
• Architect and develop custom Flex Connector as required to meet ‘Detection Use Case’ development objectives.
• Maintain technical and user manuals up-to-date.
• Lead the effort and work towards improving the existing process and procedures required for security monitoring operations.

Platform Maintenance

• Define and execute Life-cycle management of the deployed solutions, qualifying new releases and patches and planning/documenting upgrades, new systems, as well as maintaining current operational event flows. Provide optimisation of connector interfaces, aggregation, and data normalisation.
• Availability Management: realise availability requirements, compile availability plans, monitor availability, and monitor maintenance obligations;
• Capacity Management: manage capacity of personnel, system capacity, and component (or tactical) capacity
• Change Management: ensure that standardised methods and procedures are used for efficient handling of all changes
• Asset & Configuration Management: manage and trace every aspect of a configuration (CIs) from beginning to end.
• Release Management: ensure the availability of licensed, tested, and version-certified software and hardware
• Incident Management: The primary objectives are to prevent Incidents from happening, and to minimise the impact of incidents that cannot be prevented.
• Manage/Coordinate relationships, projects, and open issues with ArcSight Support, Professional Services staff, and IT Network teams.

Required knowledge / Experience

3-5 years of experience within the IT domain with 1+ years of specialisation in security operations, monitoring, cyber defence & detection

Technical Experience

Mandatory

• Solid understanding of network and security monitoring architecture
• Operational experience in maintaining networks and SIEM environments especially Arcsight.
• Knowledge of entire TCP/IP or OSI network protocol stack, including major protocols such as IP, ICMP, TCP, UDP, SMTP, POP3, HTTP, FTP, and SSH.
• Working experience with ELK stack (Elasticsearch, Logstash et Kibana) implementation and programming.
• Preferable
• Knowledge of other detection/monitoring solutions such as Splunk, Q-Radar, EDR, DLP, MS ATA …
• In-depth understanding and experience in managing security device installations such as firewalls, proxies, IDS/IPS, …
• Good understanding of IT security technology and processes (secure networking, web infrastructure, WinTEL, UNIX, Lunix, etc.);
• Relevant SANS certifications
• CISSP certification
• Business Experience
• Mandatory
• Knowledge of ITIL based operational processes.
• Preferable
• Prior experience of working in/for financial institutions;
• Prior experience of working in Agile operating model;
• Soft skills

Team player

• Quick self-starter, pro-active attitude, strong time management
• Good Communication and Influencing skills
• Good analytical and synthesis skills
• Autonomy, commitment and perseverance
• Strong intuition and ability to think “outside the box”
• Attention to detail while seeing the bigger picture
• Ability to provide on-the-job training and knowledge sharing to other analysts
• Solid sense of integrity and identification with the mission.
• Ability to process large amounts of information
• Desire to script and automate repetitive parts of the job.

This job ad was posted by Salt. To find out more about Salt’s Privacy Policy and how your application is processed, please visit our website https://welovesalt.com/privacy-policy/.