Parser and Rule developer for ELK stack
LPA. Job location - Navi Mumbai.
Client Interview - Yes.
Notice period-Max 30 days
Experience: 5 to 6 yrs
Qualitative Requirements:
- Possess technical knowledge of IDS / IPS, DLP, AV with at least 2+ years of experience in rule / parser development.
- 2+ years' experience of Elasticsearch and Logstash filters; in-depth understanding of security threats, threat attack methods and the current threat environment.
- Has an intelligence-driven security approach to threat detection, which helps the organization use all available security-related information from both internal and external sources to detect hidden threats from within and outside the organization.
- Well versed in tuning / designing correlation rules to reduce false positives and to generate alerts / offenses / notifications for attacks, security violations and any deviation in traffic / flow.
- Well versed in writing regular expressions.

Responsibilities:
- Development of parsers (regex based) and correlation rules to detect cyber-attacks and insider threats.
- Customization of default parsers.
- Understanding the impact of the alerts.
- Development of trend analysis graphs for critical events based on event correlation.
- Ensure precise data source configuration at the ELK end to pull logs from different data sources such as OS, DB, application, web / file server and security devices (NIPS, firewall, HIPS, proxy, WAF), etc.
- Develop playbooks and train the SOC monitoring team on ELK correlation rules, decoders, raw packets and incident detection.