Job Description :
Looking to support CBS on some niche security tools, SEM tool. Currently using Qradar. They had an on site consultant who left and trying to replace them.
80% of the job is on SIEM tool administer and support the tool. SOC analyst skill set for using the tool, coordination of the logs, if there is alerts/intrusions they do initial analysis and if it’s false positive they squash it if real intrusion they pass it.
What they want to do is manage/administer tool, the candidate has to be very versed with operating system of the tool, know the connecticity between it and network devices. They create lots of logs, and need to connect the logs to the device, and requires skills in python scripting Linux administration comes in handy. 1-2 years of hands on experience with linux administration
Not daily python usage, once or twice a month only
MUST have Qradar – CBS has 15 devices which a large environment, if they only had 1 or 2 not great. should have design/implementation/architecture of Qradar. At LEAST administred for large SIEM tools if not implemented.
If we can’t find Qradar splunk is good choice
CBS is going to AWS that is nice to have
They are managing CBS end point security antivirus, other 20
Pen testers are in high demand and would like to see some of those skill
Certifications- not mandatory but good to have CISSP, CEH,
Will report to VP of Security at CBS will interact directly with them and lots of business stakeholders

Job Description:

Primary Skills

Linux operating system experience using command line interface. (2-5 years)
-Experience using ssh, scp, cron jobs

Basic network technologies knowledge (2-5 years)
-Experience using, ipconfig, ifconfig, IPv4, ping, netstat –rn
-tcpdump and wireshark capture experience (mandatory)
-TCP handshake understanding and TCP Flags understanding (PUSH, FIN, RST, ACK)
-UDP vs TCP differences

SIEM experience with QRadar or Splunk (Any SIEM will do) (2-5 years)
-Syslog protocol
-Server agents
-Log filtering
-Netflows, JFlows
-Rule and offense configuration
-Log parsing and field extraction using REGEX

AWS Cloud Experience (Big Plus) – (2 years)
-CloudTrail logs
-CloudWatch logs
-S3 buckets

Software Development in support of automation (2 years developing scripts)
-Python scripting

Endpoint Security
-CrowdStrike Falcon (Big Plus since CBS is migrating to CrowdStrike from McAfee)