I am looking for a developer skilled in Microsoft O365, Azure AD, Splunk/OMS and REST APIs who is interested in working with me to develop a new cybersecurity service. Much like a traditional SIEM, this service will act as a SIEM for a number of Microsoft O365 tenants simultaneously. The end goal is to develop ONE interface for our SOC to monitor NUMEROUS Microsoft O365 tenants’ security activity.
The development of this product involves two stages (you can bid on either or both stages):
1. Data-collection development phase: Through the Microsoft Management Activity API (and other APIs) or SIEM export, develop a script that will gather and stream security audit logs, activity data and alerts from each tenant (Azure AD, Audit Log search, Azure ATP, Microsoft Intelligent Security Graph, etc.) and import them into databases such as Splunk or OMS while keeping the tenant ID attached to each data entry.
Deadline: August 10, 2018
2. Interface development phase: Creating an easy-to-use interface for our SOC to manage and monitor each tenant’s security activity on the tenant’s behalf. This interface can monitor more than one tenant simultaneously. This web/app interface will pull data from the database and display it for visualization and ease of interpretation.
Deadline: August 31, 2018
This product centralizes multiple tenants’ cybersecurity needs for Microsoft O365 onto one simple interface, helping companies streamline their cybersecurity screening process efficiently and cost-effectively.
You will be working closely with me as we develop this new product together over the next few months. If you are interested in this assignment, please send me a resume with references attached. It helps if you have had experience with previous projects related to what was described above. Please share how you would proceed with this project if hired (be as detailed as possible).