Freelance IT Engineer - Security Log Normalisation (ZZP)

ABN AMRO wants to scale out the usage of logging by normalising raw logging to a normalised schema. The normalisation is done using Microsoft tooling as part of the Azure landscape using a manual process. The normalization configuration needs to be placed within the Azure Monitor data pipeline and requires identification of fields and values, next to transformation to be done using KQL and Regex concepts. These need to be generated based-on a small sample of logging and applied directly within the data pipeline.

With the following results:

• At least 60% of the security log schema’s identified for 150 application are normalised by EOY

  • Testing the security log normalization

  • Applying of the configuration in the pipeline

  • Validation of the security log normalisation with the relevant stakeholders

  • Ensuring data quality over-time including preventing dropping of security logs

Describe in short your experience with each requirement.

• Data savviness. You know your way with data and getting all the insights out. Keen on finding the ‘real’ problem that needs to be solved. Relentless but friendly, following processes;

• Communication and Data Visualization: Knowing Your Audience;

• Data engineering. Implementing data analytics from source to consumption. Knowledge of Azure related pipelines is preferred. 

• Understanding of security logging in diverse formats and schema’s

• Data Wrangling. KQL, Regex, Grok

• Experience with SIEM solutions and detection engineering (3 years or more)

• And it would be great if you have some typical domain knowledge too like:

• Internet technology: networks, web applications, http, json, xml;

• Information security: identity and access, cybercrime, cyber security;

• Banking or financial sector;

• Agile-scrum way of working.

Describe in short your experience with each requirement.