The SIEM & Security Detection unit of Generali Operations Service Platform S.r.l. (GOSP) is responsible for the development, management and evolution of the Generali SIEM architecture, the integration of IT log sources into it, and the implementation of the detection strategy that allows adverse security events to be detected and reacted to effectively.
The unit reports directly to the head of the Cyber Security department of GOSP and is responsible for managing the Generali SIEM platform for more than 20 legal entities of the Group, distributed across different time zones. Close cooperation with the Security Operation Center, with the Cyber Security Incident Response team and with the main IT departments of GOSP is required to ensure effective coordination of all the main stakeholders involved in the prevention, detection and response processes.
As SIEM specialist you will be responsible for the day-to-day management and development of the SIEM platforms of GOSP. Your activities will span from the infrastructural management of the SIEM components to the integration of new log sources, the definition and implementation of detection use cases and correlation rules, active support to transformation projects aimed at modernizing the SIEM architecture for all GOSP customers, preparation of periodic reporting, and ensuring that the overall SIEM architecture is always up to date and works as expected.
- Perform daily checks to ensure the SIEM platforms run as expected
- Identify possible log source outages and notify the corresponding platform owner so that the identified issue can be mitigated
- Integrate additional log sources on the GOSP SIEM platforms
- Perform administration of the SIEM platforms for both on-prem and on-cloud instances
- Integrate new log sources depending on internal and customer needs
- Provide periodic reporting and KPIs
- Define and implement new security detection use cases, in cooperation with the CSIRT team, to improve the detection capabilities of the GOSP SIEM
- Cooperate with the SOC on the fine-tuning of the detection use cases in place
- Participate in project activities aimed at extending the SIEM scope as well as evolving the SIEM platform toward a cloud-based SIEM
- Implement optimization actions aimed at maximizing the usage of SIEM resources on both on-prem and cloud platforms
- Actively contribute to the definition and implementation of the SIEM strategy according to Group security requirements
- Cooperate with other Cyber Security and Security colleagues on both the GOSP and the customer side
- Degree in Computer Science, IT Security, or equivalent work experience in Information Security
- 2 to 5 years of experience in SIEM administration
- Excellent knowledge of Splunk and of the Splunk ES (Enterprise Security) solution
- Good knowledge of the IBM QRadar solution
- Good knowledge of network principles
- Intermediate English (at least CEFR B1, written/spoken)
- Availability to travel occasionally within Europe.
- Splunk certifications are a plus (Splunk Core Certified Advanced Power User, Splunk Cloud Certified Admin, Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect)
- Good understanding of IT infrastructure (network, systems).
- Communication and interpersonal skills in an international environment.
- Knowledge of one or more scripting languages (e.g. PowerShell)
- Ability to implement processes and technologies that make efficient use of the SIEM and of the collected data for security detection purposes.
- Capable of defining security use cases and correlation rules to enable SIEM detection of new cyber threats
- Good interpersonal communication skills and a teamwork-oriented attitude
- Attention to detail, with flexibility in addressing changing requirements
- Knowledge of security concepts such as cyber-attack techniques and threat vectors
- Microsoft Office suite usage (Word, PowerPoint, Excel).
Generali is a major player in the global insurance industry – a strategic and highly important sector for the growth, development and welfare of modern societies. Over almost 200 years, we have built a multinational Group that is present in more than 60 countries, with 470 companies and nearly 80,000 employees.
GOSP – Generali Operations Service Platform is a joint venture between Generali and Accenture and provides IT and Procurement services to Generali Group companies. Our purpose is to accelerate the Group's innovation and digitization strategy through the Cloud and shared platforms. Based in Italy, it has 5 branches across Europe and employs about 1,000 people.