Security Folks (Question in regards to a position like this)

DatabaseHeadDatabaseHead Member Posts: 2,754 ■■■■■■■■■■
Just curious how realistic it is for someone to cross fields into a role like this?

The reason I ask, I see these positions pop up at my current place of employment but always gun shy to apply. It's either a total hit or a miss in regards to the bullets. Worst case we all get a good laugh! icon_lol.gif

RESPONSIBILITIES

  • Analysis of security logs including data acquisition, data cleaning, and creating security alerts based on data I perform a lot of data cleaning, analysis, aquisition etc.... Nothing in the security space though
  • Scripting, customization, and light application development within SIEMs (Splunk, etc.) No Clue
  • Behavioral Analytics and search/query design involving very large security datasets Mine large sets of data for finance and supply chain. Nothing really in the behavioral realm
  • Organization and manipulation of medium to very large data sets Oh yeah this is in my wheelhouse (Home run)
  • Create written reports, dashboards, and visualizations Absolutely, I do this all the time it's 50% of my position.
  • Analyze data for trends, statistical patterns, and intelligence See above***
  • Develop security use-cases for Insider Threat activity and malware behavior No clue
  • Incident and alert response No clue
 
EXPERIENCE/SKILLS
  • Experience interpreting security logs and related datasets No
  • Strong analytical skills Yes
  • Windows events, endpoint processes, *NIX event logs Not really
  • Knowledge of network design, security tools, and TCP/IP protocols Not really
  • Excellent oral and written communication skills Yes
  • Ability to excel in a team environment; self-starter Yes
  • Strong ability to work without direction towards a desired outcome Yes
  • Programming/Scripting – Python and XML preferred; R a plus XML and R ~2 years (PS R is pretty easy)
  • Experience with APIs and moving data between databases and applications Yes
  • SQL and SQL Databases YES
  • Advanced Excel; Microsoft Office, Powerpoint, etc. YES
  • Experience with Splunk (preferred) or other SIEM-type platform No Clue
  • Must work well under pressure, multi-task, be dependable and accountable YES
I'm just curious what it would take for people from different spaces to transition? Thanks for any insights....

Comments

  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    This looks like a tier-1 SOC position. Depends on what type of role you would be transitioning from - for someone coming from a NOC or a net/sys admin, I would imagine it would not be too much of a stretch to transition apart from learning the security related stuff.
  • DatabaseHeadDatabaseHead Member Posts: 2,754 ■■■■■■■■■■
    icon_lol.gif I had no idea that was entry level position.
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Depending on how many tiers you have I'm not sure a T1 person would be doing scripting and application development within a SIEM. Either way though, it's your current workplace, if you're trying to get into security and can even do some of those things and have desire I'd apply in a heartbeat.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Since it's your current employer, they might be willing to take a chance. Be prepared to invest and upskill
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    icon_lol.gif I had no idea that was entry level position.

    I didn't mean to suggest it's entry-level. Only that it's read like a tier-1 position - meaning that it's a role where the analyst is doing the initial triage of SIEM events. I am guessing that the role probably includes scripting to integrate new data sources and other data analysis work. As @Danielm7 indicated - your best bet is to just ask icon_smile.gif since it's your current workplace.
  • DatabaseHeadDatabaseHead Member Posts: 2,754 ■■■■■■■■■■
    paul78 wrote: »
    I didn't mean to suggest it's entry-level. Only that it's read like a tier-1 position - meaning that it's a role where the analyst is doing the initial triage of SIEM events. I am guessing that the role probably includes scripting to integrate new data sources and other data analysis work. As @Danielm7 indicated - your best bet is to just ask icon_smile.gif since it's your current workplace.

    If someone says Tier - 1 I automatically assume entry level. Former tortured help desk employee.

    @Daniel7 - I'm just trying to ride the wave, make money.
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    Depending on the SIEM in use, adding data sources i pretty easy, click click click ok. The hard part with the SIEM's is getting the correlations setup correctly and setting up meaningful alerts and reports and threat intelligence feeds if any. and then having the man power to actually review all the logs, that is insane! Dashboards help a bit, but still not very.

    DatabaseHead: Stay were you are man, you are better working with the databases, all these software use databases, if you want to change roles, look at post-sales implementations of IAM tools and UBA( User behavior analytics). Plenty of companies out there looking for people that know how to configure, troubleshoot and correct database issues and those tools are heavy in databases.You will be making big $$$. I worked with few DBA's in my past job, the guys were working remotely building everything they actually taught me some stuff with SSIS also but since i left my job i've never had to use SSIS again and forgot everything.
  • jamthatjamthat Member Posts: 304 ■■■□□□□□□□
    This reads like it's a Splunk-centric position (mentioned multiple times). If so, and you're into logs/data, it wouldn't hurt to try it out. The SIEM/UBA component may just be the Splunk apps (ES/UBA) that facilitate this functionality. It's all highly customizable, but works well out of the box.

    Beyond that there is so much more to Splunk - especially if you're tasked with assisting other business units outside of just Security (making data meaningful, dashboards/visualizations, etc...).

    It's also free to use at home with a cap of 500mb/day. Install it, throw some logs or test data at it, and go to town.
Sign In or Register to comment.