This Job Vacancy has Expired!

Manager Security Data Analytics (SIEM)

Request Technology - Robyn Honquest

Posted on Feb 14, 2021 by Request Technology - Robyn Honquest

Northbrook, IL 60062
Immediate Start
$135k - $150k Annual

Manager Security Data Analytics (SIEM)

Looking for a candidate to manage a team of 12 to 13 people across data analytics, security, SIEM, and security incident and event management services. You will be a subject matter expert in Splunk and content development, including forwarding, indexing, and search architecture.

Key Responsibilities

  • Responsible for overall security data analytics strategy within the Global Security Fusion Center
  • Provide day-to-day oversight of SIEM and data analytics teams
  • Coordinates with Incident Handling, Threat Hunt, Data Protection, Threat Intelligence, Vulnerability Management, and Intelligence Information & Reporting teams, as well as other teams, to provide consistent quality of data analysis across the GSFC portfolio
  • Partners with technology teams, including Data Discovery & Decision Science, Monitoring & Analytics Engineering, and Systems Engineering teams, to implement and deliver best-of-breed data analytics solutions
  • Serves as subject matter expert related to Splunk and content development
  • Champions the implementation of enterprise-wide logging and monitoring initiatives
  • Periodically reviews saved searches and notable content to ensure ongoing quality
  • Leads weekly SIEM stakeholder meetings to understand and prioritize ongoing quality and continuous improvement activities
  • Supervises the creation and management of dashboards showing overall status of GSFC data inputs and outputs/products
  • Responsible for overall quality of alerting and escalation, including:
    • Asset alignment
    • Risk/priority of alerts
    • Accuracy and tuning
  • Actively communicates with management and executive leadership over the operational status, performance, issues, remediation, as well as overall execution of projects and initiatives relating to security monitoring
  • Develops and maintains documentation of technology and process across monitoring functions as well as alignment with upstream and downstream providers/consumers of monitoring services
  • Develops and maintains current long-term (portfolio) and short-term (program increment) roadmaps across planning levels
  • Mentors and coaches staff, including:
    • Providing feedback to staff in regular 1-on-1's
    • Rating and providing performance reviews to staff
    • Preparing development plans and aligning development resources in partnership with Learning & Development teams
    • Develops self, team, and staff technical skills in anticipation and response to evolving business needs


  • Bachelor's Degree
  • 7 or more years of related experience
  • Advanced understanding of security operations and security incident & event management
  • Basic understanding of vulnerability management, threat intelligence, penetration testing, data protection, and threat hunting functions
  • Advanced knowledge of Splunk, including forwarding architecture, indexing architecture, and search architecture, information models, as well as query preparation, query analysis, and query performance
  • Understanding of contemporary data analytics approaches, including expert systems and machine learning
  • Demonstrated, clear, concise, and effective oral and written communication skills
  • Understanding of technology asset management, inventory and/or configuration management database (CMDB) technologies
  • Comprehensive understanding of three or more core Allstate technologies/technology platforms, such as:
    • Windows, Linux, AS400, and Mainframe operating systems and endpoint security
    • J2EE or .NET web applications and associated technology stacks
    • Pivotal Cloud Foundry
    • Containers & orchestration
    • Identity & access management (AD, LDAP, interactive and non-interactive vaulting, web-associated identity technologies/protocols such as SAML, OAuth2, OIDC and one or more major implementations)
    • IEEE 802 series networks and associated IETF networking standards
    • Intrusion detection and prevention technologies
    • Cloud technology (AWS or Azure)
    • Data lakes, including storage (Hadoop, S3/S3-alike, and similar) and search technologies
    • CI/CD automation
    • Modern cryptography or applications of cryptographic methods (incl. TLS), and especially the role of monitoring of cryptographic operations
  • Understanding of cyber-security risk management practices
  • Understanding of expense and resource management processes as they relate to corporate cards, travel policy, Allstate-issued equipment, project funding, expense plans, discretionary, semi-discretionary and non-discretionary work, and knowledge of cost centers and internal orders
  • Solid understanding of, and openness to, change: approaches change in a factual, positive and constructive manner; makes effective and accurate decisions in a fast-changing environment; shows flexibility and open-mindedness when priorities and goals change; plans and estimates future work efficiently; and anticipates problems and obstacles in sufficient time to minimize impact
  • Demonstrated ability to manage an internationally distributed team of 5+ personnel in a follow-the-Sun operating model
  • Ability to thrive and provide leadership under circumstances of technology and business uncertainty
  • Ability to work over forty hours as needed and ability to support incident handling during non-business hours
  • Ability to travel at least 10%

Job Qualifications

  • Bachelor's or advanced degree in Computer Science, Statistics, or Mathematics
  • Professional certification or commensurate experience, such as:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Security Manager (CISM)
    • Certified Information Systems Auditor (CISA)
  • Experience working with large, decentralized software development organizations
  • Experience with governance, risk, and compliance (GRC) processes, including standards-writing, risk analysis, and compliance assessment and remediation, and specifically:
    • NYDFS or other state regulatory frameworks
    • Sarbanes-Oxley
  • Knowledge of IT monitoring, including performance, availability, tracing, or debugging
  • Platform-associated technology certifications (RedHat, Windows, Cisco, Palo Alto, etc.)
  • Project management certifications (PMP, Scaled Agile, etc.)
  • Experience with technical implementation and operations/maintenance of Splunk
  • Experience with Elastic, Logstash, Datadog, Exabeam, Securonix, QRadar, LogRhythm, or other SIEM technology platforms
  • Experience with vendor relationship management
  • Competency in scripting and automation in a contemporary language/framework, such as Python, Go, or Bourne shell
  • Familiarity with data science platforms such as Jupyter
  • Experience leading a team of 15+ resources

Reference: 1096396604