Manager Security Data Analytics (SIEM)

Manager Security Data Analytics (SIEM)

Looking for a candidate to manage 12 to 13 people. You will manage over data analytics, security, SIEM, Incident and event management serves. You will be a subject matter expert related to Splunk and content development. This is including forwarding architecture indexing.

Key Responsibilities

• Responsible for overall security data analytics strategy within the Global Security Fusion Center
• Provide day-to-day oversight of SIEM and data analytics teams
• Coordinates with Incident Handling, Threat Hunt, Data Protection, Threat Intelligence, Vulnerability Management, and Intelligence Information & Reporting teams as well as other teams to provide consistent quality of data analysis across the GSFC portfolio
• Partners with technology teams, including Data Discovery & Decision Science, Monitoring & Analytics Engineering, and Systems Engineering teams to implement and delivery best-of-breed data analytics solutions
• Serves as subject matter expert related to Splunk and content development
• Champions the implementation of enterprise-wide logging and monitoring initiatives
• Periodically reviews saved searches and notable content to ensure ongoing quality
• Leads weekly SIEM stakeholder meetings to understand and prioritize ongoing quality and continuous improvement activities
• Supervises the creation and management of dashboards showing overall status of GSFC data inputs and outputs/products
• Responsible for overall quality of alerting and escalation
• Asset alignment
• Risk/priority of alerts
• Accuracy and tuning
• Actively communicates with management and executive leadership over the operational status, performance, issues, remediation, as well as overall execution of projects and initiatives relating to security monitoring
• Develops and maintains documentation of technology and process across monitoring functions as well as alignment with upstream and downstream providers/consumers of monitoring services
• Develops and maintains current long-term (portfolio) and short-term (program increment) roadmaps across planning levels
• Mentors and coaches staff, including:
• Providing feedback to staff in regular 1-on-1's
• Rating and providing performance reviews to staff
• Preparing development plans and aligning development resources in partnership with Learning & Development teams
• Develops self, team, and staff technical skills in anticipation and response to evolving business needs
  

Requirements

• Bachelor's Degree
• 7 or more years of related experience
• Advanced understanding of security operations and security incident & event management
• Basic understanding of vulnerability management, threat intelligence, penetration testing, data protection, and threat hunting functions
• Advanced knowledge of Splunk, including forwarding architecture, indexing architecture, and search architecture, information models, as well as query preparation, query analysis, and query performance
• Understanding of contemporary data analytics approaches, including expert systems and machine learning
• Demonstrated, clear, concise, and effective oral and written communication skills
• Understanding of technology asset management, inventory and/or configuration management database (CMDB) technologies
• Comprehensive understanding of three or more core Allstate technologies/technology platforms, such as
• Windows, Linux, AS400, Mainframe operating systems endpoint security
• J2EE or .NET web applications and associated technology stacks
• Pivotal cloud foundry
• Containers & orchestration
• Identity & access management (AD, LDAP, interactive and non-interactive vaulting, web-associated identity technologies/protocols such as SAML, OAuth2, OIDC and one or more major implementations)
• IEEE 802 series networks and associated IETF networking standards
• Intrusion detection and prevention technologies
• Cloud technology (AWS or Azure)
• Data lakes, including storage (Hadoop, S3/S3-alike, and similar) and search technologies
• CI/CD automation
• Modern cryptography or applications of cryptographic methods (incl TLS), and especially of the role of monitoring of cryptographic operations
• Understanding of cyber-security risk management practices
• Understanding of expense and resource management processes they relate to corporate cards, travel policy, Allstate-issued equipment, project funding, expense plans, discretionary, semi-discretionary and non-discretionary work, and knowledge of cost centers and internal orders
• Possess a solid understanding of and openly support and embrace change, approach change in a factual, positive and constructive manner, make effective and accurate decisions in a fast-changing environment, show flexibility and open-mindedness when priorities and goals change, plan and estimate future work efficiently, and anticipate problems and obstacles in sufficient time to minimize impact
• Demonstrated ability to manage an internationally distributed team of 5+ personnel in a follow-the-Sun operating model
• Ability to thrive and provide leadership under circumstances of technology and business uncertainty
• Ability to work over forty hours as needed and ability to support incident handling during non-business hours
• Ability to travel at least 10%
  

Job Qualifications

• Bachelor's or advanced degree in Computer Science, Statistics, or Mathematics
• Professional certification or commensurate experience
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Experience working with large, decentralized software development organizations
• Experience with governance, risk, and compliance (GRC) processes, including standards-writing, risk analysis, and compliance assessment and remediation, and specifically
• NYDFS or other state regulatory frameworks
• PCI-DSS
• Sarbanes Oxley
• Knowledge of IT monitoring, including performance, availability, tracing, or debugging
• Platform-associated technology certifications (RedHat, Windows, Cisco, Palo Alto, etc.)
• Project management certifications (PMP, Scaled Agile, etc.)
• Experience with technical implementation and operations/maintenance of Splunk
• Experience with Elastic, Logstash, Datadog, Exabeam, Securonix, QRadar, LogRhythm, or other SIEM technology platforms
• Experience with vendor relationship management
• Competency at Scripting and automation in a contemporary language/framework, such as Python, Go, Bourne Shell
• Familiarity with data science platforms such as Jupyter
• Experience leading a team of 15+ resources