Job Description

Are you interested in building cybersecurity solutions for the future? If so, pursue your passion as SIEM Engineer on our Cyber Defense team!

In this role, you will be an integral part of the IT organization. The ideal candidate will have a demonstrated understanding of Information Security, Computer Networking, the Software Development Life Cycle (SDLC) and extensive experience interacting with customers. Candidate must have Security Information and Event Management (SIEM) expertise and be willing to train on the company platform and products.

Primary Responsibilities

• This is a technical, hands-on role that will focus on maintaining the SIEM platform, working alongside team members and stakeholders as well as training and enabling teams for successful adoption of the SIEM platform
• Manage platform, agent, and app\add-on log source integration upgrades
• Develop alerts, reports, data models, dashboards, and connectors to support custom user requirements
• Recognize patterns and inconsistencies that could indicate complex cyber-attacks
• Develop SIEM correlation rules to detect new threats beyond current capabilities
• Assist with designing and documenting work processes
• Perform log file analysis as needed
• Develop recommendations in collaboration with other team members to maximize Enterprise capabilities in prevention, detection, analysis, containment, eradication, and recovery from cyber-attacks.
• Contribute to CTI (Cyber Threat Intelligence) data gathering, reporting, and analysis activities
• Leverage automation and orchestration solutions to automate repetitive tasks
• Research and explore new avenues to overcome obstacles by utilizing the latest technologies and cybersecurity standards

Basic Requirements

• Bachelor's degree in Cyber Security, Computer Science, Information Systems, Software Engineering, Computer Engineering or related field, or equivalent work experience

Preferred Qualifications

• 2-5 years of experience in the Information Security field
• 1+ years of experience with SIEM and UEBA solutions such as Splunk, LogRhythm, Elastic
• Understanding of log collection methodologies and aggregation techniques such as Syslog, NXlog, Windows Event Forwarding
• Working knowledge of cloud platforms such as AWS, Azure and GCP
• Strong knowledge of at least one programming or scripting language (ex. Python, PowerShell, PHP, Perl)
• Understanding of security models and frameworks (ex. MITRE ATT&CK, MITRE D3FEND, Cyber Kill Chain (CKC))
• Demonstrated experience providing customer-driven solutions, support, or service
• Ability to communicate effectively with all levels of an organization from Engineering, Operations to C-level audiences

• Security certifications (Security+, GSEC, GCIH, GCIA, CISSP, NCSF, etc)
• Splunk certifications
• Familiar with Risk Based Alerting (RBA) frameworks and implementation
• Experience architecting, planning, deploying, and using SIEM or UEBA platforms
• Experience integrating or using endpoint security and host-based intrusion detection solutions
• Extensive knowledge and understanding of directory services
• Demonstrated experience in one of the following fields Cyber Threat Intelligence, Incident Response, or Computer Forensics
• Strongly prefer candidates who have solid knowledge of one or more programming or scripting language such as PHP, Perl, Python, PowerShell

*This position is part of a job family. Experience will be the determining factor.

#LI-SW11

#LI-Remote

We are an Equal Opportunity Employer including disability and veterans.

If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (844) 404-7247.