The job profile for this position is Information Protection Senior Advisor, which is a Band 4 Senior Contributor Career Track Role.
Excited to grow your career?
We value our talented employees, and whenever possible strive to help one of our associates grow professionally before recruiting new talent to our open positions. If you think the open position you see is right for you, we encourage you to apply!
Our people make all the difference in our success.
Summary
This position is best suited for an experienced SIEM engineer with a proven understanding of enterprise security. The successful candidate will possess deep technical knowledge on a number of security technologies; have a solid understanding of information security and networking, and extensive experience interacting with customers. The SIEM Engineer is responsible for delivery of client specific SIEM management solutions. The SIEM Engineer serves as an escalation point for critical and complex client issues, performs configuration and testing of products, assists with developing and documenting work processes and trains other members of the team. The primary focus for this role is to act as a Subject Matter Expert for SIEM and CRIBL technology and be able to configure, manage, operate and administrate the platforms.
Essential Duties and Responsibilities
• Administration, CIM mapping and platform management of a Splunk / Splunk SaaS Platform
• Enrolling log sources, administration, content development and working with SIEM customers/stakeholders across the globe
• Build new capabilities and installation of new applications from the app exchange to extend functionality
• Monitor the impact of deploying new content to the health and performance of the SIEM
• Creation and improvement of security policies, processes and procedures and other SIEM related documentation
• Lead logging enrollments from multi-tier applications into the enterprise logging platforms
• Modify existing parsers, as well as implement and test custom parsers and log source extensions in order to capture and correlate events from non-standard log sources
• Evaluate deployment to identify flaws and key areas for improvement in effort to maintain an optimal SIEM operating environment
• Comprehend error logs and act as escalation point for underlying event collection and correlation components
• Experience with Linux or CentOS
• Understanding of regular expressions (Regex) and Python scripting
• Knowledge in the following areas is a plus: Perl and shell scripting, Docker, ELK, Hadoop
• Ability to isolate problems between hardware and software and provide information to appropriate development team(s)
• Highly developed, process-oriented skills for troubleshooting, problem solving, and problem resolution
• Superior written and verbal communication skills are a must
• Must be able to work in a fast-paced technical environment and sophisticated cyber-security products with frequent product releases and updates
Core Competencies Desired
• Expert level administrative and engineering experience with Splunk and Splunk SaaS
• 5+ years security engineering experience in mid-sized to large organizations, with emphasis on security operations, incident management, intrusion detection, firewall deployment and security event analysis.
• 3+ years with SIEM and UEBA technologies
• Investigates, interprets, and responds to technical and/or complex IT security data.
• Demonstrated ability to work with matrixed resources in a team environment.
• Must have excellent oral and written communication skills
• Ability to ensure activities are in alignment with the business objectives and risk management framework
• Strong technical skills, which may include experience with Linux and Window operating systems and scripting languages like Python.
• Ability to anticipate, recognize, and resolve technical (hardware, software, application or operational) problems.
• Working knowledge of Linux, LDAP, TCP/IP networking stack, and regular expressions
• Some SANS Training completed
Qualifications
Bachelors degree in Computer Science or a related discipline, at least eight, typically twelve or more years of solid, diverse work experience in IT, or the equivalent in education and work experience.
One or more of the following certifications is preferred: CISSP, CCNA Security +, AWS Security, CCNP Security, CCIE, CCSP, CCIE, CCA, ITIL
If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.
Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.
Please note that you must meet our posting guidelines to be eligible for consideration. Policy can be reviewed at this link.
Tagged as: Senior advisor