This Job Vacancy has Expired!

Manager Security Data Analytics (SIEM)

Posted on Feb 6, 2021 by Request Technology

Northbrook, IL 60062
Immediate Start
$135k - $150k Annual

A prestigious Fortune 500 company is on the search for a Manager, Security Data Analytics (SIEM). This position will manage 12 to 13 people. The manager will lead security data analytics and security information and event management (SIEM) work, and will be the subject matter expert for everything related to Splunk, with advanced knowledge of Splunk including forwarding architecture, indexing architecture, search architecture and information models, as well as query preparation, query analysis, and query performance. This person needs cloud experience with AWS, Azure, and data lakes.

Key Responsibilities

  • Responsible for overall security data analytics strategy within the Global Security Fusion Center
  • Provide day-to-day oversight of SIEM and data analytics teams
  • Coordinates with Incident Handling, Threat Hunt, Data Protection, Threat Intelligence, Vulnerability Management, and Intelligence Information & Reporting teams as well as other teams to provide consistent quality of data analysis across the GSFC portfolio
  • Partners with technology teams, including Data Discovery & Decision Science, Monitoring & Analytics Engineering, and Systems Engineering teams, to implement and deliver best-of-breed data analytics solutions
  • Serves as subject matter expert related to Splunk and content development
  • Champions the implementation of enterprise-wide logging and monitoring initiatives
  • Periodically reviews saved searches and notable content to ensure ongoing quality
  • Leads weekly SIEM stakeholder meetings to understand and prioritize ongoing quality and continuous improvement activities
  • Supervises the creation and management of dashboards showing overall status of GSFC data inputs and outputs/products
  • Responsible for overall quality of alerting and escalation, including:
      • Asset alignment
      • Risk/priority of alerts
      • Accuracy and tuning
  • Develops and maintains current long-term (portfolio) and short-term (program increment) roadmaps across planning levels
  • Mentors and coaches staff, including:
      • Providing feedback to staff in regular 1-on-1's
      • Rating and providing performance reviews to staff
      • Preparing development plans and aligning development resources in partnership with Learning & Development teams
  • Develops self, team, and staff technical skills in anticipation and response to evolving business needs

Job Requirements

  • Bachelor's Degree in business, engineering, or technology, or equivalent experience
  • 7 or more years of related experience
  • Advanced understanding of security operations and security information and event management (SIEM)
  • Basic understanding of vulnerability management, threat intelligence, penetration testing, data protection, and threat hunting functions
  • Advanced knowledge of Splunk, including forwarding architecture, indexing architecture, and search architecture, information models, as well as query preparation, query analysis, and query performance
  • Understanding of contemporary data analytics approaches, including expert systems and machine learning
  • Demonstrated, clear, concise, and effective oral and written communication skills
  • Understanding of technology asset management, inventory and/or configuration management database (CMDB) technologies
  • Comprehensive understanding of three or more core Company technologies/technology platforms, such as:
      • Windows, Linux, AS400 and mainframe operating systems, and endpoint security
      • J2EE or .NET web applications and associated technology stacks
      • Pivotal Cloud Foundry
      • Containers & orchestration
      • Identity & access management (AD, LDAP, interactive and non-interactive vaulting, web-associated identity technologies/protocols such as SAML, OAuth2, OIDC and one or more major implementations)
      • IEEE 802 series networks and associated IETF networking standards
      • Intrusion detection and prevention technologies
      • Cloud technology (AWS or Azure)
      • Data lakes, including storage (Hadoop, S3/S3-alike, and similar) and search technologies
      • CI/CD automation
      • Modern cryptography or applications of cryptographic methods (including TLS), and especially the monitoring of cryptographic operations

Job Qualifications

  • Bachelor's or advanced degree in Computer Science, Statistics, or Mathematics
  • Professional certification or commensurate experience, such as:
      • Certified Information Systems Security Professional (CISSP)
      • Certified Information Security Manager (CISM)
      • Certified Information Systems Auditor (CISA)
  • Experience working with large, decentralized software development organizations
  • Experience with governance, risk, and compliance (GRC) processes, including standards-writing, risk analysis, and compliance assessment and remediation, and specifically:
      • NYDFS or other state regulatory frameworks
      • Sarbanes-Oxley
  • Knowledge of IT monitoring, including performance, availability, tracing, or debugging
  • Platform-associated technology certifications (RedHat, Windows, Cisco, Palo Alto, etc.)
  • Project management certifications (PMP, Scaled Agile, etc.)
  • Experience with technical implementation and operations/maintenance of Splunk
  • Experience with Elastic, Logstash, Datadog, Exabeam, Securonix, QRadar, LogRhythm, or other SIEM technology platforms
  • Experience with vendor relationship management
  • Competency in scripting and automation in a contemporary language/framework, such as Python, Go, or Bourne shell
  • Familiarity with data science platforms such as Jupyter
  • Experience leading a team of 15+ resources

Reference: 1086488449
