The SIEM Engineer will design, develop, test and implement security logging solutions. The security data platform is the repository for the collection, storage and correlation of event data across the enterprise. It must rapidly identify, prioritize, and respond to security events, compliance violations, policy breaches, cyber attacks, and insider threats. The successful candidate will work within the Security Incident Response team, in partnership with Architecture, Security Operations and the lines of business, in a hands-on environment working with numerous and varied applications. The successful candidate will have a strong combination of practical networking, firewall management, proxy solutions, information technology, and security skills.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Perform all administration, management, configuration, testing, and integration tasks related to the SIEM platform, including content creation and maintenance.
- Research, analyze and understand the log sources used for security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products and proxies) and operating systems.
- Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, log throughput validation and lifecycle management of the SIEM/Log Management platforms.
- Provide technical inputs to management during proof-of-concept reviews for new security products.
- Provide technical guidance to the Security Operations Center and/or the lines of businesses during investigations or incident response.
QUALIFICATIONS
- Vocational or Bachelor's degree in Computer Science, or equivalent through a combination of education and work experience.
- 3+ years of hands-on IT security engineering and/or architecture experience.
- Direct experience working with Security Information and Event Management (SIEM) platforms, including logging and monitoring.
- Proven ability to support large-scale event logging solutions (ArcSight, QRadar, LogRhythm, …).
- Strong knowledge of administering and/or engineering multiple security platforms.
- Experience designing and/or implementing complex big data management solutions.
- Experience with Hadoop or Elastic (ELK) ecosystems, specifically configuration and data management.
- Understanding of Network Firewalls, Load-balancers, and complex network designs.
- Understanding of Unix/Linux and Windows operating systems.
- Good command of Python, Perl, SQL, regular expressions and/or shell scripting is required.
- Experience installing and maintaining syslog-ng, Windows Snare and MSCOM is preferred.
- Must have knowledge of enterprise systems and infrastructure, along with a business process improvement mindset and a drive for controls, automation and efficiency.
- Able to work under pressure in time critical situations.
- Excellent written and verbal communication skills are required. Ability to communicate effectively with business representatives in explaining impacts and strategies when necessary.