About AARNetAustralia's Academic and Research Network (AARNet) was established in 1989 and is widely regarded as the founder of the Internet in Australia and renowned as the architect, builder and operator of world-class network infrastructure for research and education.We are Australia's National Research and Education Network (NREN). We connect over one million users—researchers, faculty, staff and students—at institutions across Australia, supporting education and research across a diverse range disciplines including high energy physics, climate science, genomics, radio astronomy and the arts.Nationally, AARNet interconnects Australian universities, the CSIRO, and other organisations who have a research and education mission, or with whom the education and research sector interacts. These include hospitals, vocational training providers, schools and museums. Internationally, AARNet interconnects the Australian Research and Education (R & E) community to the world – and continuously develops new capabilities and partnerships to facilitate seamless data access and transfer.AARNet also offers a suite of supporting applications to our customers. These include network and collaboration services such as Zoom, that enable innovation in the delivery of research and education.We are an organisation of innovators, doers, and courageous thinkers. We are not constrained by traditional products and solutions and we constantly strive to build the solutions that our customers will need tomorrow – today. If you have the imagination, foresight and drive to build the future why not come and join us?The RoleThe Security Engineer – Platforms, is part of the Security Operations Centre (SOC) and is a key driver of security engineering effort to develop, tune, and implement log source integrations and parsing. This position is responsible for maintaining AARNet's robust catalog of parsers, tuning them when required, as well as assisting in broader User and Entity Behavior Analytics (UEBA) and Security Information and Event Management (SIEM) platform work items.The candidate will work closely with the SOC Platforms Manager and the broader teams to drive and continuously enhance the platforms that underpin the Alerting and Detection strategy within the SOC enabling both AARNet and its customers to operate in a safe environment. This role provides and opportunity to learn data engineering in the context of Cyber security.This role is a permanent full time role and we are unable to hire individuals on temporary visas.ResponsibilitiesResponsible for data ingestion and the building of new parsers to support ongoing SOC use case requirementsCollaborate with stakeholders within AARNet to ensure that relevant logs sources are parsed and integrated into the Alerting and Detection StrategyNormalise data from log sources into the Elastic Common Schema (ECS)Build CrowdStrike LogScale dashboards to demonstrate new workCollaborate with AARNet internal stakeholders and customers on understanding data sources and use cases – successfully translating requirements into the SOC data management frameworkDrive strategy towards automated on-boarding of relevant data sources/feeds to enable detection, enrichment, and hunt capabilities across multiple log sourcesCreate integrations with various network and security devices through their log events.Develop custom scripts for data enrichment across internal (e.g., CMDB) and external data sourcesPerform data interpretation, classification and enrichmentManage and support other SOC platforms (e.g., XSOAR, MISP, ELK)Expertise, experience & qualificationsMust HaveExpertise with a centralized logging framework (e.g., LogScale, Splunk, ELK)Experience with regular expressionStrong experience with scripting languages (e.g., Python, Perl, Bash, PowerShell)Experience with a version control system (e.g. Git)Nice to haveExperience integrating internal/external API's and optimising usageGood understanding of Cyber security platforms/environmentsTelecommunications and/or Education & Research industry experience would be advantageousExperience working with large data sets with distributed computing a plusPrior experience in working Service provider (SP) or Managed Security Services Provider (MSSP)Familiarity with data schemas (e.g. Elastic Common Schema)Familiarity with Linux and containersFamiliarity with a peer review and a CI/CD workflowImportant skillsSecurity oriented and problem solving mindset (like solving puzzles and finding ways into closed systems).High level of attention to detail, revision control, and configuration management practicesA passion for "finding evil" and "doing good"Able to translate business concepts into the required technical system based events needed to support objectivesLeadership (taking ownership and accountability for designated activities)Collaboration Skills (able to work effectively with others)Communication Skills (including ability to present to both technical and non-technical audiences
