SIEM Systems Engineer – Assistant Vice President

About The Position

Requirements

• At least 5+ years of experience in technology with emphasis on cyber security.
• At least 3+ years of experience in SIEM and SOAR products such as Splunk, Elastic, Datadog, Cribl, etc.
• At least 1+ years of experience in Data Lake and data warehouse using products such as AWS S3, Snowflake, Databricks, etc.
• Experience with scripting is highly preferred like Python, Ansible etc.
• Experience in creating trending, metrics, and management reports
• Working knowledge in RegEx, Splunk search language, etc. is required.
• Knowledge of modern security principles and their practical applications.
• Knowledge and experience operating in a hybrid-cloud environment.
• Knowledge and experience in AWS or Azure
• Knowledge and experience with programming language to automate tasks (e.g. Python or PowerShell)
• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field, or relevant industry certifications. Equivalent work experience is equally preferable.

Nice To Haves

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Manager (CISM)
• Certified Information System Auditor (CISA)
• Certified Ethical Hacker (CEH)

Responsibilities

• Design, implement, and operate enterprise-scale SIEM architectures with a strong emphasis on Cribl Stream / Edge as the primary data pipeline feeding Splunk and other downstream consumers
• Leverage industry trends and market research to adopt the best practices to enhance the SIEM and SOAR platforms.
• Build and manage Security Data Lakes and Warehouses, with a strong preference for AWS-based solutions (e.g., S3, Snowflake, Databricks).
• Define SIEM and SOAR platform standards including data schema, modelling, normalization, monitoring and alerting.
• Develop scalable patterns for integrating on-prem, cloud, SaaS, container, and application data sources into Cribl and SIEM platforms
• Use Regex, Splunk SPL, Kusto Query Language (KQL) and scripting (Python, Ansible) to parse, normalize, enrich, and detect security events.
• Ability to conduct fraud analysis and threat detection.
• Create dashboards, metrics, trends, and executive-level reporting using SIEM & SOAR data.
• Identify opportunities to enhance the current baseline processes and configuration
• Produce engineering, integration and process related documentation.
• Manage vendor relationships to drive roadmap, solution design, implementation and troubleshooting
• Work with key stakeholders of the services to ensure the expectations are meeting the requirements
• Knowledge of various applications and systems that include Servers, security platforms, middleware, Clouds (SaaS, PaaS and IaaS), Containers, etc. to come up with the right approach of SIEM integration
• Ability to understand security risks and controls, to analyze various methods of controlling information security problems, determine the strengths and weaknesses of each method and implement the best cost-justified solution
• Ability to provide technical directions to other peer staff members, and to train new staff on the security team

Benefits

• Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays.