Company: Jose Merciline

Address: Alpharetta, GA

Form of work: Full-Time

Category: Information Technology

Job Description

Cyber-Security SIEM Engineer


The SRT DevOps team is seeking an engineering-minded cyber-security engineer who has hands-on experience creating and maintaining analytics in a SIEM platform.

This DevOps engineer will collaborate with other developers and SMEs in an agile environment to develop state-of-the-art detection and automated response capabilities to counter cybersecurity threats, including:

#Support the current ArcSight solution and lead the effort to migrate detection rules to Splunk ES

#Migrate all ArcSight contents to Splunk knowledge objects.

#Work with engineering teams on field extractions and validation of logs

#Onboarding and normalizing log and reference data-sources needed for analytics

#Creation of analytics in Splunk and Splunk Enterprise Security

#Improvement and fine-tuning of analytics

#Creating data dictionaries for log sources

#Operational support for production platforms through health monitoring and root-cause troubleshooting


Skills required

#3+ years of SIEM experience.

#Excellent knowledge of ArcSight ESM, creating rules, filters, and active lists.

#Excellent knowledge of Splunk and ES (Searching, Reporting, Alerting, Dashboards, Correlation searches)

#3+ years of blue-team operational security experience within a SOC or MSSP

#2+ years of software development experience applied to the above

#Experience using SOAR platforms and Python scripts to automate incident response

#Experience creating and maintaining analytics for security use-cases in Splunk and Splunk ES

#Experience analyzing data, developing alerts, and designing dashboards for security operations

#Comfortable with Unix and Windows CLI from

#Experience analyzing infrastructure and application log sources

#Knowledge of CIM and experience normalizing data to the common information model

#Desired experience writing automation scripts in Python

#Good understanding of regular expressions

#Familiarity with the SDLC and proven experience deploying software into a production environment

#Experience with streaming data using Rsyslog, Syslog-NG, Nifi and Kafka

#Splunk Certified Consultant / Splunk Certified Enterprise Security Certified Admin

#Ability to work in a globally distributed team

#Excellent written and verbal communication skills

#Passionate interest in cyber security


Refer code: 7817698. Jose Merciline - The previous day - 2024-01-16 03:57
