Lead SIEM Engineer

About The Position

Requirements

• Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience
• In-depth knowledge of SIEM technologies (e.g., Splunk, IBM QRadar, Sumo Logic, Securonix), including design, implementation, and administration

Nice To Haves

• Advanced understanding of the security system development and infrastructure lifecycle and architecture, and systems design
• In-depth knowledge of SIEM technologies (e.g., Splunk, IBM QRadar, Sumo Logic, Securonix), including design, implementation, and administration
• Experience with scripting and programming languages (e.g., Python, PowerShell) for automating security tasks and developing SIEM use cases
• Proven experience with the development and customization of tools utilized in assigned Cybersecurity function
• Familiarity with regulatory standards (e.g., PCI DSS, GDPR, SOX) and their impact on security controls within the banking sector
• Proficient in analyzing security logs, network traffic, and system events to identify and respond to security incidents
• Demonstrated ability to translate architecture into technical requirements
• Proficient persuasive communication skills to gain buy-in of others
• Strong ability to analyze and draw reliable conclusions based on large volumes of quantitative data from diverse sources
• Ability effectively serves in indirect leadership role

Responsibilities

• Lead the design and architecture of the bank's SIEM infrastructure, ensuring its effectiveness, scalability, and alignment with industry standards and regulatory requirements
• Implement, configure, and optimize SIEM solutions to collect, correlate, and analyze security event data from various sources, such as network devices, servers, applications, and endpoints
• Develop and maintain SIEM use cases, correlation rules, alerts, and reports to identify and prioritize security incidents and potential threats
• Lead collaboration efforts with Cybersecurity and Technology teams to effectively implement and maintain security solutions for the organization.
• Lead improvement initiatives within Cybersecurity team, implementing best practices and optimizing processes to enhance security capabilities.
• Stay up to date with the latest security threats, vulnerabilities, and industry trends, and proactively assess their potential impact on the bank's SIEM infrastructure
• Lead SIEM-related projects, including system upgrades, enhancements, and integration with other security tools and technologies
• Provide guidance and mentorship to junior SIEM engineers, promoting knowledge sharing and skill development within the team
• Actively partner with vendor to optimize security products and/or drive resolution of complex support issues.
• Assist leadership with vendor relationships by maintaining when licenses need to be renewed, informing when hardware needs to be refreshed or new technologies should be considered.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite.
• Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis.
• Identify risk-related issues needing escalation to management.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned