SOC Log Onboarding Lead

As part of the Log Onboarding Factory, SOC Onboarding & Integration Lead, you will be in charge of the following activities:

• Leading the Log Onboarding Factory team, overseeing onboarding processes while performing individual contributor activities as outlined below.
• Onboarding logs following logs onboarding guidelines and process.
• Identifying prerequisites for log sources to be onboarded (technology, versions, etc.).
• Defining the connectors setup and ensuring the setup of all IP configurations.
• Requesting and following up on the opening of the necessary firewall flows.
• Providing guidance on configuring the source devices according to logging standard.
• Validating that events from log sources are received and troubleshooting when necessary.
• Communicating on the progress and blocking points.
• Identifying optimization opportunities within the log onboarding process, focusing on streamlining workflows and enhancing efficiency.
• Exploring automation opportunities to improve the log onboarding process, reducing manual interventions and increasing accuracy.
• Formalize and maintain documentation for log sources onboarding.
• For new technology, gather relevant information from the configuration guides related to the log sources technology and from the contacts managing the platform.
• Define based on the collected information with the Security Monitoring and Detection and Security Incident Response teams the relevant logs to be collected.
• Document and maintain the logging standards, the connectors configuration and the mapping tables.
• Manage the delivery of entities onboarding demands and ad-hoc projects.
• Drive end to end log onboarding demands/projects in coordination with entities, projects stakeholders, third party log onboarding team: understand the onboarding requirements, manage prioritisations and capacities.
• Ensure the delivery from the third-party log onboarding team is in line with the onboarding requirements including relevant documentation.
• Participate in demand requests and projects as a subject matter expert contributing to proposal and scoping, solution design.
• Liaise with the SIEM Platform Management team to ensure continuous integration within AXA environment.
• Enable the information exchange and communication flow among the teams that implement SIEM Platform configuration change.
• Perform tracking and documentation of all the change activity (i.e. on-boarding, connector configuration adjustment, etc.).
• Perform regular coordination to exchange information on the planned onboarding, identified issues, etc.

• Experience in IT > 5 years
• A Degree in Computing, IT or Engineering

Technical skills

• Leadership skills to guide and inspire team members
• Strong knowledge of Linux and Windows environments
• Eagerness to learn and understand new technologies
• Ability to function effectively in a matrix structure
• Team player with a professional and positive approach
• Strong "can-do" attitude and willingness to go the extra mile
• Cross-cultural sensitivity and flexibility