Over the past years, the company has invested heavily in developing a comprehensive security strategy, in addition to implementing a SOC (Security Operations Center), appropriate governance, processes, and training and awareness initiatives.
We also provide managed security services for companies that entrust the security monitoring of their infrastructure and applications to us.
Within the Security Engineering team, the related intrusion detection and prevention technology is developed and kept up to date. At the core are SIEM (Security Information and Event Management) systems for real-time analysis of security alerts, complemented by threat and vulnerability management tools and by filtering, reporting and data analytics technologies. Evolutions within this rapidly changing domain are monitored closely.
As a Junior/Medior/Senior engineer in the team, you will soon be able to carry out independent projects under the supervision of a Senior engineer. You will implement the security monitoring of new technologies and systems, from concept definition to implementation and testing. You will implement improvements to real-time views and reporting. You will be involved in defining the evolution of the security tooling, assist in implementing platform upgrades, and help evaluate new technologies within the domain.
Are you curious, do you have an analytical mind, and are you always looking for solutions? Do you work independently, pay attention to detail, and enjoy working with different people inside and outside the team?
Then apply for this position.
- To support extensions of our monitored product portfolio, we require the following skills:
  - Wide (not deep) knowledge of the most common security products: firewalls, proxies, IDS/IPS, mail and web gateways, web application firewalls...
  - ArcSight FlexConnector / parsing override development
  - Regular expression coding
- To help us with the demand for reporting projects:
  - Splunk and ArcSight reporting skills, including:
    - For ArcSight:
      - Usage of trends
      - Report scheduling
    - For Splunk:
      - Data models
      - Eval functions
      - Scheduled searches
    - In general:
      - Understanding of the business needs
      - Finding the best way to cover requirements and designing searches/queries
      - Knowledge of the tools' limitations
      - Documentation (both toward the business and toward internal technical teams)
Duties and Responsibilities
- General knowledge of the ArcSight ESM and Splunk Enterprise infrastructure:
  - Forwarders and SmartConnectors: concepts and differences
  - Indexers, search heads and ESM Manager: concepts and differences
  - Multi-tier architecture (ArcSight)
  - Indexer and search head clustering (Splunk)
- SmartConnectors monitoring:
  - Connector log analysis
  - Functionality issue troubleshooting
  - Parsing issue troubleshooting
  - Handling and tracking heterogeneity in connector parameters
- Forwarders monitoring:
  - Forwarding events from Splunk to ArcSight: monitoring and troubleshooting
  - Heavy and Universal Forwarder troubleshooting and central management
- Occasional evening maintenance windows (19h -> ...):
  - Connector upgrades (software, AUPs)
- Git for versioning and release management
- ArcSight ESM and Splunk upgrades
- Important structural changes in the infrastructure:
  - Infrastructure sizing
  - Device throughput monitoring
  - Detection of sizing/dimensioning issues (pre-process, post-process)
- Close relationship with vendor support centers:
  - Creating tickets for operational issues
  - Proactive follow-up of tickets
- Security analyst support:
  - Point of contact (P.O.C.) for security analysts' incidents
  - Taking ownership of operational issue incidents
  - Dispatching engineering-related incidents
- Infrastructure administration:
  - User permission configuration
  - New/terminated user monitoring
  - Connector and forwarder remote deployment and management
- Deploying and supporting new engineering solutions in production:
  - Support during solution roll-out
  - Support for complex problems
  - Feedback on issues encountered, and documentation
- Language: good knowledge of English (written and oral); any other language (Dutch, French...) is an extra advantage.
- Communicative and assertive.
- Able to work independently & as part of a team.
- Sense of responsibility and self-initiative.
- Flexible - able to work around roadblocks if required, but always keeping the target in sight.
- Able to deliver work of high quality.
- A first work experience (1 to 3 years) is definitely an advantage but not a requirement.
- Knowledge of / experience with IT systems, security management and SIEM (Splunk, ArcSight, other...) concepts is a plus.
- Good working knowledge of (Red Hat) Linux and development for Linux.
- Analysis and documentation skills as well as programming and implementation experience.
Working location/hours: Brussels/office hours (occasional evening maintenance windows: 19h -> 23h).