Searchtek Consulting Services LLP jobs - Parser and Rule Developer-ELK stack

PARSER AND RULE DEVELOPER FOR ELK STACK

EDUCATION BE \ B.TECH ONLY

BUDGET 11 LPA.

JOB LOCATION - NAVI MUMBAI.

CLIENT INTERVIEW - YES.

Experience 5 To 6 Yrs

Qualitative Requirements:

• Possess technical knowledge of IDS/IPS, DLP, AV with at least 2+ years
  

of experience in rule/parser development.

• 2+ years' experience of Elasticsearch and logstash filters
• in-depth understanding of security threats, threat attack methods and
  

current threat environment.

• Has an intelligence-driven security approach for threat detection,
  

which helps organization use all available security- related information
from both internal and external sources to detect hidden threats from
within and outside the organization

• Well versed in tuning/designing of correlation rules to reduce the
  

false positives and to generate the alerts/offenses/notifications for
the attacks, security violations and any deviation in the traffic/flow.

• well versed with writing regular expressions.
  

Responsibilities

• Development of parsers (Regex based) and correlation rules to detect
  

cyber-attacks and insider threats. Customization of default parsers.

• Understanding the impact of the alerts.
• Development of trend analysis graphs for critical events based on
  

event correlation.

• Ensure precise Data source configuration at ELK end to pull logs of
  

different Data sources like OS, DB, Application, web/file server and
security devices (NIPS, firewall, HIPs, proxy, WAF) etc.

• Develop playbooks and train SOC monitoring team on ELK correlation rules, decoders, raw packets and incident detection.