Sr. SIEM Engineer (Splunk)
Access Talent Today, LLC
- Dallas, TX
Who we are looking for:
The Senior SIEM Engineer works as a member of the Cyber Operations Team. The primary focus for this role is to act as a Subject Matter Expert for Splunk and be able to configure, manage, operate and administrate the platform for managed SIEM.
The successful candidate will possess deep technical knowledge of a number of security technologies, have a solid understanding of information security and networking, have extensive experience interacting with customers, and be responsible for delivery of client-specific SIEM management solutions. This position also serves as an escalation point for critical and complex client issues, performs configuration and testing of products, assists with developing and documenting work processes, and trains other members of the team.
How you’ll make an impact:
- Subject matter expert for onboarding SIEM components for existing and new clients.
- Experience, in a large enterprise environment, analyzing security event data for attack patterns and understanding attacker tactics
- Experience in creating automated log correlations in a SIEM to identify anomalous and potentially malicious behavior
- Working experience with threat intelligence teams, with the ability to interpret IOCs and use them efficiently for alerting.
- Experience using multiple online sources in order to identify new threats
- Understanding of monitoring devices such as firewalls, network and host-based intrusion detection systems, web applications, AV, WAF, Proxy and operating system logs
- Create technical documentation around the content deployed to the SIEM
- Ability to partner with anomaly detection and incident responders to improve data quality and reduce false positives.
- Ability to recognize patterns and inconsistencies that could indicate complex cyber-attacks
- Experience in developing SIEM correlation rules to detect new threats beyond current capabilities
- Manage appliance or virtual appliance OS and SIEM software.
- Create innovative solutions to automate and reduce timeframes for operational changes as well as the initial installation of the platform.
- Create rules for compliance and audit requirements and create and manage Watch Lists for current threats.
- Configure backups, verify custom reports, manage log source groups, and validate log sources with the client.
- Review and apply any newly available and applicable SIEM and/or appliance/virtual appliance software or policy updates monthly.
- Perform formal Health Check and administrative password change.
- Perform formal Architectural Review.
- Create custom rules/rule modifications and custom reports/report modifications as needed.
- Manage SIEM user accounts (create, delete, modify, etc.).
- Add/remove log sources. Troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.
- Manage product enhancement/feature requests with vendors as needed.
- Perform software upgrades, updates, and patches as needed.
- Create client-specific Watch Lists if necessary.
- Perform technical account management duties for specific top-tier, strategic clients.
- Responsible for major SIEM client environmental changes including upgrades.
- Create custom documentation for internal and external needs.
- Responsible for mentoring and training of SIEM Engineer II employees
- Attend vendor-specific meetings and conferences for business and professional development.
- Responsible for testing and configuring new products and technologies.
- Assist with designing and documenting work processes within the SOC.
- Bachelor’s Degree in Information Technology, Information Security/Assurance, Engineering or related field of study; or at least four years of related experience and/or training; or equivalent combination of education and experience preferred.
- Minimum 5 years Managed Security Services or Information Security experience required.
- Minimum 5 years of SIEM administration experience required.
- Minimum 3 years of Splunk administration, configuration and management required.
- Minimum 3 years SIEM engineering experience required.
- Security+, CISSP, GCIH, GCIA, GPEN, CEH and/or other industry certifications preferred.
- Must have Splunk Enterprise Certified Architect or be willing to obtain within 6 months of hire date.
- Excellent written and verbal communication skills required.
- Solid understanding of Information Security and Networking required.
- Working knowledge of SIEM technology (e.g. LogRhythm, QRadar, enVision, Nitro) required.
- Outstanding time management and organizational skills required.
- Ability to operate equipment or tools, specifically: Internet, e-mail, MS Office products, advanced knowledge of Excel, sound knowledge of PowerPoint required.
- Ability to work nights or weekends as required.
- Demonstrated understanding of Information Security regulations, frameworks, requirements etc. and how to map a client’s security needs to a SIEM solution required.
- Demonstrated understanding of vulnerability management systems and programs preferred.
- Demonstrated understanding of PCI, SOX, HIPAA etc. preferred.
- Security and/or networking familiarity or understanding in the following preferred:
  - Basic routing principles and networking fundamentals
  - Well-known protocols and services (FTP, HTTP, SSH, SMB, LDAP)
  - Command line interfaces
  - Packet analysis tools (TCPDUMP, Wireshark, Ngrep)
- Keen ability to diagnose and troubleshoot technical issues, excellent problem-solving skills
Friday, January 11, 2019