Senior Security Consultant
Amsterdam, NETHERLANDS
Job description
Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
• Create SIEM content: develop and deploy SIEM content such as correlation/analytic rules, dashboards and hunting queries
• Understand the content development lifecycle (use case creation, testing, implementation, tuning and decommissioning)
• Work with different data sources: onboard and handle a range of source types such as syslog, JDBC and REST APIs
• Regex skills: build custom parsers and extract fields in queries and correlation rules
• Understand data normalization principles (for example the Microsoft Sentinel ASIM and Splunk CIM models)
• Understand structured data formats such as JSON and XML
• Playbook automation: work comfortably with platforms such as Azure Logic Apps, Splunk Phantom and IBM Resilient
• Basic coding skills in languages such as Python, Perl, bash and PowerShell
• Familiarity with MaGMa, IoT security, SIGMA rules and GitHub
Required Technical and Professional Expertise
• Experience in malware analysis or reverse engineering
• Good understanding of networking (CCNA level)
• Understanding of the security landscape (trends, solutions, etc.)
• Understanding of Cyber Kill Chain and MITRE ATT&CK frameworks
• Hands-on experience managing the Microsoft cloud security suite: Azure AD, Sentinel (SIEM), Defender (XDR) and Defender for Endpoint (MDE)
• Good knowledge of enterprise SOC structures and SOC-as-a-service delivery
• Good knowledge of use case and workflow management
• Capability to write and understand advanced KQL (Kusto Query Language)
Preferred Technical and Professional Expertise
• Familiarity with the MaGMa framework, IoT security, SIGMA rules or GitHub
• Microsoft certifications: SC-100, SC-200, SC-900 and AZ-900