
Parser and Rule developer for ELK stack

Keywords / Skills: Parser, Rule developer, ELK stack, IDS/IPS, DLP, AV, tuning, designing

5 - 6 years
Posted: 2020-06-18

Industry
IT/Computers - Software
Function
IT
Role
Software Engineer/ Programmer
Posted On
18th Jun 2020
Job Description
Skills: 
- Possess technical knowledge of IDS/IPS, DLP and AV, with 2+ years of experience in rule/parser development.

- 2+ years' experience with Elasticsearch and Logstash filters.

- In-depth understanding of security threats, attack methods and the current threat environment.

- Has an intelligence-driven security approach to threat detection, which helps the organization use all available security-related information from both internal and external sources to detect hidden threats from within and outside the organization.

- Well versed in tuning/designing correlation rules to reduce false positives and to generate alerts/offenses/notifications for attacks, security violations and any deviation in the traffic/flow.

- Well versed in writing regular expressions.

Responsibilities:

- Development of parsers (regex-based) and correlation rules to detect cyber-attacks and insider threats. Customization of default parsers.

- Understanding the impact of the alerts.

- Development of trend analysis graphs for critical events based on event correlation.

- Ensure precise data source configuration at the ELK end to pull logs from different data sources such as OS, DB, application, web/file server and security devices (NIPS, firewall, HIPS, proxy, WAF), etc.

- Develop playbooks and train the SOC monitoring team on ELK correlation rules, decoders, raw packets and incident detection.



About Company

IT Staffing Services