100% interview*::Logging & SIEM role::REMOTE at Remote, Remote, USA |
Email: [email protected] |
From: Sam, Adventa Tech Inc [email protected] Reply to: [email protected] Job Description - Position: Logging/SIEM role Location: Remote Duration: 6+ month Rate: $100/hr Visa: ANY MOI: Video I am looking for a Logging SME to help with Application Logging. I am also looking for someone to do installation of a tool called Tenable. Tenable. Logging/SIEM role Build a Logging and Monitoring Standard for Identified Applications Clearly specify the types of logs to collect (e.g., security, audit, performance, error logs) based on the application's criticality. Define logging levels (error, warning, info, debug) and map them to relevant events. Set retention timelines for each log type, balancing operational needs and regulatory compliance. Adoption Across Applications: Ensure all identified applications adopt this standard, leading to a uniform logging and monitoring framework. Determine Applications Capable of Logging Review each application's ability to generate relevant logs (e.g., Syslog, JSON, proprietary formats) to ensure they meet the logging standard. Collaborate with application owners to confirm existing logging capabilities and identify gaps. Ensure that all necessary logs are enabled and aligned with the standard. Configure Applications to Log in Compliance with BSC Standards Configure logging for all applications to meet the predefined BSC standards. This includes ensuring appropriate log formats, retention policies, and security measures are applied. Ensure the logging of critical events such as authentication, data access, configuration changes, and errors is standardized across applications. Follow best practices for ensuring event visibility and accuracy. Configure Applications to Forward Logs for SIEM Integration Configure applications to forward logs to the SIEM. This ensures centralized monitoring, analysis, and incident detection across the entire application ecosystem. Identify areas to transform logs, ensuring only relevant logs are ingested. This will help reduce noise and manage SIEM ingestion costs effectively. Perform end to end testing to confirm logs are forwarded and integrated into the SIEM properly. Address any formatting or network issues that may arise. Develop Application Monitoring Use Cases Assist to develop monitoring use cases specific to each applications behavior and operational context. Focus on key areas such as: Track application performance metrics and log performance issues. Identify security related events such as unauthorized access, privilege escalation, or suspicious behavior. Operationalize Monitoring Use Cases Integrate the developed use cases into the SIEM for real-time monitoring. Set up key performance indicators such as alert accuracy (to minimize false positives) and incident response time. Train SOC Analysts on Application Logging and Monitoring established processes Keywords: access management 100% interview*::Logging & SIEM role::REMOTE [email protected] |
[email protected] View all |
Fri Sep 13 18:51:00 UTC 2024 |