Security Logging Support Specialist

Kpmg India Services Llp

Bengaluru/Bangalore

Not disclosed

Work from Office

Full Time

Min. 2 years

Job Details

Job Description

Consultant

Job Title: Security Logging Support Specialist (2-5 Years of Experience)

Job Description:

We are seeking a detail-oriented and technically proficient Security Logging Support Specialist to join our team. In this role, you will be responsible for supporting the operational aspects of our security environment, Microsoft Azure Sentinel, primarily using Kusto Query Language (KQL) and Microsoft Azure services such as Logic Apps and Azure Functions to manage and automate security workflows. Your expertise in these tools, combined with a foundational understanding of IT infrastructure and Microsoft Azure, is needed to help streamline the onboarding of new data sources and respond to incident tickets efficiently.

As a Security Logging Support Specialist, you will work closely with our security and IT teams, troubleshoot data onboarding issues, and ensure seamless integration of data sources across our IT infrastructure. This position is suitable for someone with 2-5 years of experience in the IT operations or systems administration space who has a strong interest in security, monitoring, and automation.

Key Responsibilities:

  • Support the integration of new data sources from a variety of IT infrastructure devices (e.g., servers, firewalls, network devices, appliances).
  • Ensure the proper configuration, troubleshooting, and maintenance of data onboarding processes. Address data collection issues and perform root-cause analysis for data discrepancies.
  • Work closely with the infrastructure teams to onboard new data sources, ensuring they are properly integrated into Microsoft Sentinel.
  • Provide operational support to ensure data is accurately ingested and monitored across multiple platforms.
  • Assist in the development and automation of security workflows using Logic Apps.
  • Collaborate with other teams to define data management processes, policies, and standards.
  • Write and maintain light scripts to automate data onboarding/management tasks (e.g., PowerShell, Python, Bash).
  • Support and maintain data retention and archival processes to meet business and compliance needs.
  • Document and report issues, resolutions, and improvements for internal knowledge sharing.
  • Utilize Microsoft Azure services for security monitoring and automation.
  • Develop and maintain KQL (Kusto Query Language) queries for data analysis and monitoring within Microsoft Sentinel.

Preferred Qualifications:

  • 2-5 years of experience in an operational or support role focused on IT infrastructure or logging systems.
  • Familiarity with security tools like Microsoft Sentinel and services that support data ingestion, including Logic Apps (data ingestion, monitoring, and configuration) and Azure Functions (Function Apps).
  • Solid understanding of Microsoft Azure services and their application in security monitoring and automation.
  • Experience with KQL (Kusto Query Language) for data analysis and monitoring.
  • Solid understanding of Linux and Windows servers, with comfort navigating the Linux command line.
  • Working knowledge of log management and monitoring support applications, such as RSyslog, Cribl, Graylog, Syslog-ng, or similar.
  • Working knowledge of key IT concepts, including API, CIDR notation/subnets, RDP and SSH, Security Protocols (SSL, TCP/IP, Proxy, IAM), Load Balancing and HA, Virtualization, Ansible, Git, SQL.
  • Light scripting knowledge in at least two of the following languages: PowerShell, Python, Shell/Bash.
  • Strong troubleshooting skills and ability to resolve issues efficiently.
  • Ability to collaborate with cross-functional teams to develop and communicate technical details clearly.

Desired Skills:

  • Strong problem-solving and analytical abilities.
  • Knowledge of log aggregation, parsing, and searching techniques.
  • Familiarity with log data normalization and correlation.
  • Experience with automation and orchestration tools is a plus.

Experience Level

Mid Level

Job role

Work location

Bangalore, Karnataka, India

Department

IT & Information Security

Role / Category

IT Security

Employment type

Full Time

Shift

Day Shift

Job requirements

Experience

Min. 2 years

About company

Name

Kpmg India Services Llp

Job posted by Kpmg India Services Llp

This job has expired