The Senior Security Engineer will be responsible to administer, operate, and maintain the SIEM environment of the Intelligent Security Command Center (ISCC). The successful candidate will have the capability to work effectively in a result driven environment, both independently and as a team member and the ability to interact well with all levels of management and technical resources. Self-motivation and dedication to objectives is essential. The position will be participating on an on-call rotation and may be called upon to work off-hours to support customer escalations. The candidate will be expected to interact with customers, peers and management via phone, IM, video, and email to ensure customer issues are resolved per contracted SLA’s related to the Managed Security Solutions.
- You will administer, operate, and maintain LogRhythm SIEM environment, including installation, configuration, tuning, and maintenance of SIEM components
- Upgrade and patch the SIEM and other security platforms to the latest versions
- Work with internal customers to successfully monitor data sources to meet their organization requirements
- Develop processes and documentation to magnify the benefits of existing tools
- Perform security gap analysis in support of new products as well as the tuning of existing tools
- Work with internal customers to develop requirements to meet their security objectives related to Log Management and SIEM
- Create collaborative environment that encourages growth and information sharing including mentoring and educating team members
- Review current reporting and compliance goals, and verify reports to ensure they are meeting these goals
- Provide the highest level of support for SIEM environment
- We seek a Bachelor's Degree in Computer Science or the equivalent work and/or military experience along with a minimum of 5 years’ applicable experience in the IT industry.
- We seek a minimum of 2+ years of Information Security experience
- You have 1+ years administrative experience deploying, configuring, troubleshooting, and maintaining LogRhythm SIEM components
- We seek 2+ years engineering experience creating correlation, dashboard, and reporting content using SIEM
- You have advanced knowledge of content creation concepts and best practices as well as networking experience
- We seek excellent problem-solving and technical skills
- Previous experience with any combination of the following: Syslog, TCP/IP, Networking, Linux/Unix, Windows, Active Directory, Event Analysis, NIST standards and guidelines, Database Activity Monitoring, MS SQL, Oracle, SAN architecture, firewalls, IPS/IDS, A/V, advanced networking
- We seek experience planning, scaling, implementing, monitoring, and troubleshooting a SIEM environment
- You possess knowledge of core security principles and tool management that is product agnostic
- You possess high analytical skills with the ability to perform analysis and tuning of all incoming securityevents for threat detection and increase the efficiency of processing, maximize true threat identification, and ensure accurate reports for auditing.
- You have the ability to draw meaningful conclusions from reported events, and implement appropriate reporting.
- Capable of understanding the business and technical requirements, architecture and design specifications and developing the associated content and documentation.
Basic Knowledge, Skills, and Abilities:
- You possess strong customer service skills and client focus
- You possess strong communications skills including the ability to communicate technical information in using non-technical language
- You have previous experience or aptitude to be successful in an Administration and Operations capacity
- Ensuring that new products and services are supported by the ISCC and that newly defined processes and procedures are trained and understood by the team.
- Has strong ability to identify risks and translate that information to non-securityinternal/external teams
- Ability to stay current with latest threat information from vendor partners
- Collaborates with customers to help identified risks and business security requirements for alerting
- Develops and maintains productive business partner and vendor relationships to ensure the convergence of business, technical and security requirements
- Assists business partners with the evaluation and communication of information security issues and development of business processes and technical solutions that reduce risk
- Provides support and guidance on legal and regulatory compliance efforts, including internal/external audit.
- Recommends and coordinates the implementation of administrative and technical controls to support and enforce defined security policies
- Supports operational risk management activities with risk evaluation and treatment recommendations
- Supports internal and external business partners through coordination, development, and execution of security related activities
- Supports the development and implementation of security policy, standards, guidelines and procedures to ensure ongoing maintenance of security
- Researches, evaluates, designs, recommends, and plans the implementation of information security technology and processes, and analyzes its impact on the existing environment