PARSER AND RULE DEVELOPER FOR ELK STACK
EDUCATION - BE / B.TECH ONLY.
BUDGET - 11 LPA.
JOB LOCATION - NAVI MUMBAI.
CLIENT INTERVIEW - YES.
EXPERIENCE - 5 TO 6 YRS.
Qualitative Requirements:
- Possess technical knowledge of IDS/IPS, DLP and AV, with at least 2+ years
of experience in rule/parser development.
- 2+ years' experience with Elasticsearch and Logstash filters.
- In-depth understanding of security threats, attack methods and the
current threat environment.
- Has an intelligence-driven security approach to threat detection,
which helps the organization use all available security-related information
from both internal and external sources to detect hidden threats from
within and outside the organization.
- Well versed in tuning/designing correlation rules to reduce
false positives and to generate alerts/offenses/notifications for
attacks, security violations and any deviation in traffic/flow.
- Well versed in writing regular expressions.
Responsibilities
- Development of parsers (regex-based) and correlation rules to detect
cyber-attacks and insider threats. Customization of default parsers.
- Understanding the impact of alerts.
- Development of trend-analysis graphs for critical events based on
event correlation.
- Ensure precise data source configuration at the ELK end to pull logs from
different data sources such as OS, DB, application, web/file servers and
security devices (NIPS, firewall, HIPS, proxy, WAF), etc.
- Develop playbooks and train the SOC monitoring team on ELK correlation
rules, decoders, raw packets and incident detection.