McAfee SIEM (Nitro), Atlanta, GA
Duration: Long Term
Primary requirements as per the JD:
Experience with McAfee SIEM (Nitro): administration, log source on-boarding, use case development.
On-boarding log sources into McAfee SIEM.
Developing parsers to on-board custom applications to the SIEM.
Responsibilities of the SIEM Specialist
The SIEM specialist would be a member of the SIEM team and responsible for:
- Validating, reporting on, and resolving logging inactivity by notifying and working with the point of contact
- Discovering and remediating logging inconsistencies in the SIEM, such as inconsistent timestamps, inconsistent log levels, etc.
- Managing, configuring, and cleaning up the syslog relay configuration
- Acting as the point of contact to validate that logs are received on the relay
- Setting up applicable mutual authentication with TLS 1.2 between data sources and relays
- Capture log samples
- Validate in scope logs contain the required fields to build parsers in SIEM/UBA
- Validate relay configuration to confirm that the SIEM and UBA are receiving messages
- Review existing correlation rules and recommend updates if required
- Recommend new correlation rules
- Assist in creating custom parsers.
Required skills and experience
- 3-5 years working in the security logging and monitoring space
- 2-4 years of SIEM administration experience
- Network security monitoring experience
- Knowledge of various log formats from: network infrastructure, server, web applications, databases, etc.
- Knowledge of Syslog Relay and Windows Event Forwarder
- Knowledge of VPNs, firewalls, routing/switching, databases, web applications, etc.
- Linux and Windows System administration experience
- Scripting languages such as Python, PowerShell, etc.
- McAfee SIEM administration experience
- Knowledge of how McAfee SIEM parses, aggregates, normalizes, correlates, and alerts
- syslog-ng relay and/or WEF