software developer

  • location: Redmond, WA
  • type: Contract
  • salary: $30 - $40 per hour

job description

job summary:
Software Developer needed for contract opportunity with Randstad Technologies client in Redmond, WA.

Our client is looking for a software developer to assist with building a standalone feature for Azure Sentinel. This feature would be a rule translation engine that takes rules from Splunk (a 3rd-party product) and translates them into KQL, the language used for rules in Azure Sentinel.

Scope:

- Rule translation engine will allow customers to copy/paste their existing SPL rules, and receive a suggested KQL detection

- The rules translation engine will identify which data sources are being referenced within the original SPL rule

- The rule translation engine will have three possible outputs:

  • Successful rule translation: KQL detection

  • Failed rule translation: flagged section of SPL where failure occurred and reasoning/details for failure, to enable user to troubleshoot

  • All attempts: summary of data sources being used within the rule, and suggestion to add them to Sentinel

- Rule translation engine will be one-directional: it can only translate SPL > KQL, not the reverse

- Rule translation engine will allow the user to add the newly translated KQL detection to their Sentinel Analytics blade, for immediate use

- Rule translation engine will live within Sentinel, and won't need access to the user's Splunk instance for translation activity

Preferred:

Query Wizards, SOC analysts or security engineers who have experience writing rules for XYZ languages.

Top 3 must-have hard skills

Proficiency in SPL (Splunk Processing Languages) 3+

Proficiency in KQL 3+

Experience writing alerts or rules for security information and event monitoring 3+

 
location: Redmond, Washington
job type: Contract
salary: $30 - $40 per hour
work hours: 8am to 5pm
education: Bachelors
 
responsibilities:
- Rule translation engine will be one-directional: it can only translate SPL > KQL, not the reverse

- Rule translation engine will allow the user to add the newly translated KQL detection to their Sentinel Analytics blade, for immediate use

- Rule translation engine will live within Sentinel, and won't need access to the user's Splunk instance for translation activity

 
qualifications:
  • Experience level: Experienced
  • Minimum 3 years of experience
  • Education: Bachelors
 
skills:
  • front-end Angular Developer
  • Splunk (3 years of experience is preferred)
  • SPL (3 years of experience is preferred)
  • Keyword Query Language (3 years of experience is preferred)
  • KQL (3 years of experience is preferred)
  • query languages (3 years of experience is preferred)

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
