Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Cloud and Security solutions to create agile, secure infrastructure platforms for middle-market customers. We deliver this technology expertise through a full life cycle model of professional, managed, and support services including strategy, consulting, implementation and design. By taking the time to deeply understand how our clients define success, we help them harness technology advances, simplify IT complexity and optimize their environments today while enabling future applications, user experiences, and revenue models. As of June 30, 2018, we serve approximately 8,000 middle-market, large, and government organizations across a diverse range of industries. Approximately 2,900 Presidio professionals, including more than 1,600 technical engineers, are based in 60+ offices across the United States in a unique, local delivery model combined with the national scale of a $2.8 billion dollar industry leader. We are passionate about driving results for our clients and delivering the highest quality of service in the industry. Presidio is majority owned by affiliates of investment funds managed by affiliates of Apollo Global Management, LLC (NYSE:APO).
The Senior Security Engineer will administer, operate, and maintain the SIEM environment of the Intelligent Security Command Center (ISCC). You possess the capability to work effectively in a result driven environment, both independently and as a team member and the ability to interact well with all levels of management and technical resources. Self-motivation and dedication to objectives is essential. The position will be participating on an on-call rotation and may be called upon to work off-hours to support customer escalations. The candidate will be expected to interact with customers, peers and management via phone, IM, video, and email to ensure customer issues are resolved per contracted SLA’s related to the Managed Security Solutions.
- You will administer, operate, and maintain LogRhythm SIEM environment, including installation, configuration, tuning, and maintenance of SIEM components
- Upgrade and patch the SIEM and other security platforms to the latest versions
- Work with internal customers to successfully monitor data sources to meet their organization requirements
- Develop processes and documentation to magnify the benefits of existing tools
- Perform security gap analysis in support of new products as well as the tuning of existing tools
- Work with internal customers to develop requirements to meet their security objectives related to Log Management and SIEM
- Create collaborative environment that encourages growth and information sharing including mentoring and educating team members
- Review current reporting and compliance goals, and verify reports to ensure they are meeting these goals
- Provide the highest level of support for SIEM environment
- We seek a B.S. Degree in Computer Science or the equivalent work and/or military experience which includes 5 years’ applicable experience in the IT industry.
- We seek 2 plus years of Information Security experience along with 2 years engineering experience creating correlation, dashboard, and reporting content using SIEM
- You have a minimum of 1 year of administrative experience deploying, configuring, troubleshooting, and maintaining LogRhythm SIEM components
- We seek advanced knowledge of content creation concepts and best practices as well as networking experience
- Excellent problem-solving and technical skills
- Prior experience with any combination of the following: Syslog, TCP/IP, Networking, Linux/Unix, Windows, Active Directory, Event Analysis, NIST standards and guidelines, Database Activity Monitoring, MS SQL, Oracle, SAN architecture, firewalls, IPS/IDS, A/V, advanced networking
- We seek previous experience planning, scaling, implementing, monitoring, and troubleshooting a SIEM environment
- You possess a strong knowledge of core security principles and tool management that is product agnostic
- We seek high analytical skills. You will be able to perform analysis and tuning of all incoming securityevents for threat detection, and increase the efficiency of processing, maximize true threat identification, and ensure accurate reports for auditing. You are capable of drawing meaningful conclusions from reported events, and implement appropriate reporting.
- You understand the business and technical requirements, architecture and design specifications and developing the associated content and documentation.
Additional Knowledge, Skills, and Abilities Preferred:
- You possess strong communication skills and client focus
- You have the ability to communicate technical information in using non-technical language
- Previous experience or aptitude to be successful in an Administration and Operations capacity
- Ensure that new products and services are supported by the ISCC and that newly defined processes and procedures are trained and understood by the team.
- You are able to identify risks and translate that information to non-securityinternal/external teams
- You stay current with latest threat information from vendor partners
- You collaborate with customers to help identified risks and business security requirements for alerting
- Develop and maintain productive business partner and vendor relationships to ensure the convergence of business, technical and security requirements
- You assist business partners with the evaluation and communication of information security issues and development of business processes and technical solutions that reduce risk
- Provide support and guidance on legal and regulatory compliance efforts, including internal/external audit.
- Recommends and coordinates the implementation of administrative and technical controls to support and enforce defined security policies
- Support operational risk management activities with risk evaluation and treatment recommendations
- Support internal and external business partners through coordination, development, and execution of security related activities
- Support the development and implementation of security policy, standards, guidelines and procedures to ensure ongoing maintenance of security
- Research, evaluate, design, recommend and plan the implementation of information security technology and processes, and analyzes its impact on the existing environment