SIEM Architect
Quote ref: 990027/78393
Job description
This contract with our central government client is for a SIEM Architect for 7 months. The role is primarily remote with occasional travel as needed.
The overall aim of the role is to suggest, implement or manage the implementation of tactical and strategic improvements to the SIEM and associated components. This will include the following areas:
1. SIEM Engineering and Architecture improvements:
- Document, and socialise, a shared responsibility model to increase buy-in for directorates to send log data to the CSOC (see also project work on convergence)
- Simplifying engineering complexity and automation features within the log farm
- Standardising collection tier components across directorate environments including possibly using Infrastructure as Code (IaC) approach
- Mature Splunk ES advanced data models
- Improve mapping of Splunk ES use cases to the MITRE ATT&CK framework
- Use case prioritisation, and classification, with a common Risk Based Alerting (RBA) approach.
2. Strategic SIEM improvements:
- Wider use of SOAR for common analyst tasks
- Improvement to data enrichment practices to add context to incident response investigations
- Other project work including further SIEM convergence, dashboarding, log source monitoring via TrackMe
3. Quality assurance to improve the onboarding function and knowledge transfer
- Working with the MSP, make improvements to the onboarding process
- Quality checks and assurance of the Onboarding function
- Knowledge sharing of certain areas with the CSOC
Requirements
• SIEM Engineering and Architecture skills, specifically in Splunk SaaS
• A credible technology leader who can drive through technology and process change.
• Good communications, reporting and presentational skills.
• Full end-to-end experience of the delivery lifecycle for improvements
• Splunk SaaS experience and expertise as a lead architect and/or engineer
• Experience of defining improvements within Cyber departments, particularly SIEM improvements within Cyber Security Operations Centre (CSOC) functions that result in an increase in SIEM maturity levels.
• Experience of the lifecycle of SIEM delivery, including convergence from other SIEMs