Senior Engineer, Security Information & Event Management (SIEM)


Job Location:

Bethesda, MD - USA

Monthly Salary: Not Disclosed
Posted on: 30-10-2025
Vacancies: 1 Vacancy

Job Summary

Description

This Senior Security Engineer will be part of the Cyber Analytics and Automation team for our Security Information and Event Management (SIEM). In this role you will be responsible for designing, implementing and maintaining the architecture of our SIEM and related platforms to enhance our cybersecurity posture. You will also leverage your expertise in data processing and routing platforms to provide specialized support for the development of advanced analytics to support our Insider Threat and Cyber Incident Response teams.

CANDIDATE PROFILE

Education and Experience

Required:

Bachelor's degree in Computer Sciences or related field, or equivalent experience/certification

7 years of experience in Information Technology including:

4 years of experience in an information security function

3 years of experience with Splunk

Splunk Cloud Certified Admin

Cribl Certified User

Demonstrated knowledge of the Unix/Linux command line and command line utilities.

Familiarity with cloud security, threat intelligence platforms and modern security architectures.

Subject matter expert in management and hands-on implementation of SIEM solutions.

Strong level of familiarity with common enterprise infrastructure systems, services and concepts pertaining to general networking, next-gen firewalls, endpoint protection, IDS, IPS, vulnerability management, Linux and Windows OS, databases, logging platforms.

Strong knowledge of AWS services especially around data storage (e.g. S3 Data Lake) and compute (e.g. EC2) related services.

Working knowledge of Infrastructure as Code tools (e.g. Terraform, CloudFormation).

Working knowledge of IT and infrastructure automation tools (e.g. Ansible, Puppet).

Working knowledge of container/container orchestration technologies (e.g. Docker, Kubernetes, AWS EKS).

Strong working knowledge of CI/CD process and tools.

Preferred:

Splunk Enterprise Certified Architect

Cribl Certified Admin Stream

Current advanced information security certifications (e.g. CISSP, CISM, GIAC).

Familiarity (or greater skill level) with SQL

Background in IT security/systems administration or IT security/systems engineering

Working knowledge of frameworks such as MITRE ATT&CK, NIST CSF and ISO/IEC 27001.

Experience with scripting/programming (Python, PowerShell, etc.) and automation.

Hands-on experience with the configuration and management of Rsyslog or Syslog-ng

Project management skills with an understanding of core Agile principles

Detail-oriented work style, well versed in ITIL best practices for security systems engineering, lifecycle management and service delivery.

CORE WORK ACTIVITIES

Strategic Leadership:

Designs, engineers and implements solutions and integrations to meet security requirements pertaining to logging and monitoring functions.

Analyzes and manages performance and health of SIEM platform and requisite services.

Provides technical oversight, standardization and regular review of SIEM platform and requisite services for compliance with security and privacy policies.

Participates in the evaluation and selection of security service products.

Utilizes capability modeling to align systems strategy and planning with business strategy and goals.

Provides tactical direction to stakeholders pertinent to security logging and monitoring functions.

Technical Execution:

Provides tier-3 support for operational escalations or technical issues impacting SIEM or related platforms.

Collaborate with Security Architecture and Engineering teams to ensure detection coverage aligns with cybersecurity risks and business priorities.

Develops and maintains architectural diagrams for newly onboarded security tools.

Develops analytics, correlation searches, dashboards, reports and alerts within the SIEM and related platforms.

Provides after hours support as needed during on-call rotation.

Collaboration and Communication:

Works closely with Security Architecture, Security Engineering, Threat Intelligence and the Cyber Incident Response Team to help develop solutions to address emerging threats, support requested service enhancements and to support the development of new threat detection use cases.

Coordinates with service providers on infrastructure management and maintenance operations.

Engage and collaborate with other security engineers and architects as needed to keep pace with the evolution of corporate infrastructure and applications and share that knowledge with peers as appropriate.

Attend SCRUM and prioritization meetings to review and update deliverables.

Produces and regularly updates documentation for SIEM service management and SOPs pursuant to security and privacy policy.

Continuous Improvement:

Continuously evaluates the effectiveness of the SIEM and related platform and requisite services to identify operational improvements, reduce costs, increase performance and automate where possible.

Continuously evaluates searches, scheduled searches and other activities to identify opportunities to optimize storage and compute and reduce costs.

Contributes to the development and refinement of detection engineering standards, workflows and best practices.

Follows best practices pertaining to lifecycle management.

At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued, and our greatest strength lies in the rich blend of culture, talent and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status or other basis protected by applicable law.




Required Experience:

Senior IC


Key Skills

  • International Development
  • Access Control System
  • Finance Control
  • Informatica
  • Information Technology Sales
  • Asp.Net MVC

About Company

At Le Méridien, we are inspired by the era of glamorous travel, celebrating each culture through the distinctly European spirit of savouring the good life. Our guests are curious and creative, cosmopolitan culture seekers that appreciate moments of connection and slowing down to savou ...