Cyber Threat Intelligence, Information Security
Master (EQF 7), Bachelor (EQF 6), Associate degree (EQF 5)
We are looking for an experienced SIEM Engineer that can help us develop set of SIEM Extensions, Applications and Integrations between our product, EIQ Platform and various SIEM products with emphasis on Splunk. This type of integrations go beyond modules within our platform and include development on top of SIEM platforms as well as all-round Solution Architecture with focus on performance and flexibility. Think about connecting world of Cyber Threat Intelligence with large pools of security information and events along with some cool analytics challenges.
This is a Senior Engineering role which requires strong leadership qualifications, ability to operate independently and occasionally in an consultative manner with customers as well. You MUST be a passionate SIEM visionary since you will be give an opportunity to advance our existing portfolio of SIEM Applications and Integrations to next level.
Our product, EIQ Platform, is a web UI / REST API-based platform built with Python 3 on top of frameworks like Flask, SQLAlchemy, and Celery. It relies on data stores like PostgreSQL and Elasticsearch. The codebase consists of several modules/libraries spread over the application.
As an ideal candidate, you have relevant experience working with various SIEM platforms with emphasis on Splunk, but also are experienced with large, robust, high-performance applications using similar technologies we use; you can responsibly build on and improve them.
- Independently build new SIEM products Integrations and SIEM products related Extensions with focus on Splunk and resolve issues in an Agile environment.
- Independently build new EIQ Platform Integrations and Integrations related product features and resolve issues in an Agile environment.
- Independently design, engineer, configure, troubleshoot and administer SIEM such as Splunk.
- Independently develop SIEM queries and dashboards and advise EIQ Customers on best practices in developing their own queries and dashboards.
- Participate in application/infrastructure capacity planning, trend analysis and performance forecasting exercises and propose recommendations to meet ongoing monitoring application performance and scalability demands.
- Deliver work with a DevOps approach (you run the code you wrote) and compliant with the team's Definition Of Done.
- Profile Python code, write unit and integration tests, take part in performance testing.
- Perform code reviews and participate in technical design sessions with the rest of Engineering team.
- Closely collaborate with fellow Engineers and Product team members to design and implement product solutions that meet our quality criteria.
- 7+ years’ professional experience.
- 5+ years’ experience building robust applications and/or products using Java or Python.
- 3+ years’ experience building on on top of Splunk and relevant eco-system.
- Understanding SIEM solution architectures, challenges and techniques in use for building Security Operation Centers.
- Understanding design patterns in use for modern software development using Java and/or Python.
- Appreciation for clean code, thorough testing, and API design.
- Critical and innovative thinking.
- Strong experience with ELT, specifically around data wrangling and transformation.
- Demonstrable track record working with some of the key SIEM technologies: Splunk, Arcsight, QRadar, AlienVault, Elastic Stack ...
- Demonstrable experience on configuring, tuning and optimizing SIEMs in an enterprise environment
- Demonstrable experience with a wide range of security tools such as Intrusion Detection/Intrusion Prevention/Endpoint Detection ...
- Demonstrable experience working with the following technologies: Linux, Git, SQL, REST, JSON, XML, HTTP.
Nice to have
- Recent certification with some of the SIEMs such as Splunk Administrator or Architect.
- Design data models for complex data structures.
- Complex multi-tier application profiling.
- Familiarity with the following Python frameworks: Flask, SQLAlchemy, Celery.
- Familiarity with the following data stores: PostgreSQL, Elasticsearch.
- Experience with NoSQL databases in general.
- Familiarity with AWS and cloud computing concepts in general.
- Familiarity with DevOps and automation tools like Jenkins, Ansible and Hashicorp suite of tools.
Apply for this job via our website.