Manager of SIEM and Security Data Analytics

Request Technology - Craig Johnson

Posted on Feb 6, 2021 by Request Technology - Craig Johnson

Charlotte, NC 28201
Immediate Start
$130k - $150k Annual

*Position is bonus eligible*

Prestigious Fortune 500 Company is currently seeking a Manager of SIEM and Security Data Analytics. Candidate will lead a team of data analysts/engineers that is responsible for understanding the Cybersecurity operational state and creating or escalating notable events for analysis, review, and remediation by incident handling and response, compliance, HR, or other teams. Candidate will be skilled in data analysis and critical thinking, and partners with technical and business stakeholders across the Global Security Operation Center and across the enterprise to develop deep understanding of and prioritize Cybersecurity events.


  • Responsible for overall security data analytics strategy within the Global Security Operations Center
  • Provide day-to-day oversight of SIEM and data analytics teams
  • Coordinates with Incident Handling, Threat Hunt, Data Protection, Threat Intelligence, Vulnerability Management, and Intelligence Information & Reporting teams as well as other teams to provide consistent quality of data analysis across the portfolio
  • Partners with technology teams, including Data Discovery & Decision Science, Monitoring & Analytics Engineering, and Systems Engineering teams to implement and deliver best-of-breed data analytics solutions
  • Serves as subject matter expert related to Splunk and content development
  • Champions the implementation of enterprise-wide logging and monitoring initiatives
  • Periodically reviews saved searches and notable content to ensure ongoing quality
  • Leads weekly SIEM stakeholder meetings to understand and prioritize ongoing quality and continuous improvement activities
  • Supervises the creation and management of dashboards showing overall status of data inputs and outputs/products
  • Responsible for overall quality of alerting and escalation
    • Asset alignment
    • Risk/priority of alerts
    • Accuracy and tuning
  • Actively communicates with management and executive leadership over the operational status, performance, issues, remediation, as well as overall execution of projects and initiatives relating to security monitoring
  • Develops and maintains documentation of technology and process across monitoring functions as well as alignment with upstream and downstream providers/consumers of monitoring services
  • Develops and maintains current long-term (portfolio) and short-term (program increment) roadmaps across planning levels
  • Mentors and coaches staff, including:
    • Providing feedback to staff in regular 1-on-1s
    • Rating and providing performance reviews to staff
    • Preparing development plans and aligning development resources in partnership with Learning & Development teams
    • Develops self, team, and staff technical skills in anticipation and response to evolving business needs


  • Bachelor's degree in business, engineering, or technology, or equivalent experience
  • 7 or more years of related experience
  • Advanced understanding of security operations and security incident & event management
  • Basic understanding of vulnerability management, threat intelligence, penetration testing, data protection, and threat hunting functions
  • Advanced knowledge of Splunk, including forwarding architecture, indexing architecture, and search architecture, information models, as well as query preparation, query analysis, and query performance
  • Understanding of contemporary data analytics approaches, including expert systems and machine learning
  • Demonstrated, clear, concise, and effective oral and written communication skills
  • Understanding of technology asset management, inventory and/or configuration management database (CMDB) technologies
  • Comprehensive understanding of three or more core technologies/technology platforms, such as:
    • Windows, Linux, AS400, and Mainframe operating systems and endpoint security
    • J2EE or .NET web applications and associated technology stacks
    • Pivotal Cloud Foundry
    • Containers & orchestration
    • Identity & access management (AD, LDAP, interactive and non-interactive vaulting, web-associated identity technologies/protocols such as SAML, OAuth2, OIDC and one or more major implementations)
    • IEEE 802 series networks and associated IETF networking standards
    • Intrusion detection and prevention technologies
    • Cloud technology (AWS or Azure)
    • Data lakes, including storage (Hadoop, S3/S3-alike, and similar) and search technologies
    • CI/CD automation
    • Modern cryptography or applications of cryptographic methods (incl. TLS), and especially the role of monitoring of cryptographic operations
  • Understanding of cyber-security risk management practices
  • Understanding of expense and resource management processes as they relate to corporate cards, travel policy, issued equipment, project funding, expense plans, discretionary, semi-discretionary and non-discretionary work, and knowledge of cost centers and internal orders
  • Possess a solid understanding of and openly support and embrace change, approach change in a factual, positive and constructive manner, make effective and accurate decisions in a fast-changing environment, show flexibility and open-mindedness when priorities and goals change, plan and estimate future work efficiently, and anticipate problems and obstacles in sufficient time to minimize impact
  • Demonstrated ability to manage an internationally distributed team of 5+ personnel in a follow-the-Sun operating model
  • Ability to thrive and provide leadership under circumstances of technology and business uncertainty
  • Ability to work over forty hours as needed and ability to support incident handling during non-business hours

  • Professional certification or commensurate experience
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Security Manager (CISM)
    • Certified Information Systems Auditor (CISA)
  • Experience working with large, decentralized software development organizations
  • Experience with governance, risk, and compliance (GRC) processes, including standards-writing, risk analysis, and compliance assessment and remediation, and specifically
    • NYDFS or other state regulatory frameworks
    • Sarbanes Oxley
  • Knowledge of IT monitoring, including performance, availability, tracing, or debugging
  • Platform-associated technology certifications (RedHat, Windows, Cisco, Palo Alto, etc.)
  • Project management certifications (PMP, Scaled Agile, etc.)
  • Experience with technical implementation and operations/maintenance of Splunk
  • Experience with Elastic, Logstash, Datadog, Exabeam, Securonix, QRadar, LogRhythm, or other SIEM technology platforms
  • Experience with vendor relationship management
  • Competency in scripting and automation in a contemporary language/framework, such as Python, Go, or Bourne Shell
  • Familiarity with data science platforms such as Jupyter
  • Experience leading a team of 15+ resources

Reference: 1086588502