SIEM Engineer - remote
Posted on Feb 23, 2021 by E-Frontiers
Seeking an experienced Senior Information Security Engineer with demonstrated competence and thought leadership capability to contribute toward the success of our technology initiatives.
Job Description: The SIEM Engineer is a critical role within the Cyber Defense Department supporting the Security Information and Event Management (SIEM) platform. This individual will be focused on supporting our Global Security Operations Center and Computer Security Incident Response teams by building and tuning security alerts and reports, and by assisting with use of the SIEM for real-time investigation and analysis. Additional responsibilities include implementing organizational policies; maintaining the health, performance, stabilization and ongoing support of the SIEM infrastructure; and partnering with other Cyber Defense teams to integrate security solutions with the SIEM.
- Design, build, test and implement security alerts and reports using knowledge of event source logs and network packet data.
- Partner with Global Security Operations Center (GSOC) and Computer Security Incident and Response (CSIRT) teams to tune out false positives from alerts.
- Improve the ability to build complex security alerts by making and implementing recommendations on event source coverage, log and packet meta-tagging, and log and packet filtering.
- Design and build dashboards in the SIEM.
- Assist users of the SIEM in real-time investigation and analysis.
- Evaluate and recommend new and emerging security products and technologies.
- Stay abreast of current technologies, security compliance requirements, standards and industry trends in order to help achieve the goals of the department.
- Research and document security best practices to continually improve the deployment and use of the SIEM.
- Maintain the health, performance, stabilization, tuning and ongoing planning of the SIEM platform.
- Support the SIEM platform and participate in the on-call rotation.
- Partner with groups within the organization to ensure successful deployments of the SIEM (e.g., business lines, Network Operations, Database Mgmt, Risk Mgmt, Audit and Compliance, other ISS teams, Mid-Range Server teams, Mainframe Server teams, etc.).
- Partner with other Cyber Defense teams in the integration of security tools with the SIEM.
- Perform the daily operation and execution of security-related tools, processes and controls related to cyber defense initiatives.
- Look for ways to optimize security processes and recommend opportunities and solutions for improvement and automation.
- Support and mentor other members of the team.
- Support and participate in incident response and technical investigations as needed.
- Ensure adherence to compliance regulations and policies. Work to develop and interpret security policies and procedures.
- Support acquisition and vendor risk assessment due diligence.
- Participate in disaster recovery exercises.
It is the individual responsibility of every employee to maintain a current awareness and understanding of, and to fully comply with, our "Code of Ethics". Each employee is also expected to maintain an awareness of the banking laws, regulations, internal policies and procedures that are appropriate for his/her position.
Qualifications and Required Skills
- Advanced experience with Esper and Event Processing Language (EPL)
- Advanced experience with complex event processing (CEP)
- Experience with RSA NetWitness; however, advanced experience with other SIEM technologies (ArcSight, QRadar, AlienVault, LogRhythm, Splunk) will be considered.
- Expert experience in log data analysis for identifying malicious behavior and security threats.
- Advanced to expert experience in network packet analysis for identifying malicious behavior and security threats.
- Ability to recognize security events of interest that may require improved detection/alerting capabilities.
- Hands-on experience with Linux administration (CentOS preferred but not required).
- Advanced experience with both structured (relational) and unstructured databases.
- Advanced experience with process automation and/or scripting (i.e., XML, C+, VBA, regular expressions, Python, Perl, etc.).
- 6+ years of experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
- Familiarity with common industry best practices (ITIL, SDLC, Agile, COBIT).
- Experience with Windows and Linux/Unix servers.
- Experience with SNMP, Syslog, WinRM, etc.
- Strong attention to detail and process.
- Excellent organizational, time management and interpersonal skills.
- Security certification such as CISSP, GIAC, etc.
- Project Management skills.
- Security and IT Metrics experience a plus.
- Understanding and application of NIST or other security control frameworks.
- Experience with RabbitMQ, Puppet, MongoDB.
- Experience using the MITRE ATT&CK framework.
- Security experience with cloud technologies (Azure, AWS).
- Experience with IaaS, PaaS and SaaS a plus.