SIEM Tech Lead, Senior Specialist

The Vanguard Group•Dallas, PA

2d•Hybrid

About The Position

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions. Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape. Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

Requirements

Minimum of eight years’ related work experience.
Undergraduate degree or equivalent combination of training and experience required.
Must obtain CISSP within one year of hire.
Strong understanding of attacker TTPs and detection engineering.
Experience with detection-as-code frameworks and CI/CD pipelines.
Experience with Elastic Security
Familiarity with MITRE ATT&CK, Sigma rules, and threat modeling

Nice To Haves

Graduate degree preferred.

Responsibilities

Leads and implements cyber security monitoring and data consumption design, identifies real-time complex attack patterns and develops detection strategies.
Leads the processes, tools and measures to monitor and detect compromises, risks, vulnerabilities, network security threats, tactics and techniques used by modern and emerging threat actors.
Develops, manages, maintains and enhances security controls (alerts, rules, policies, and signatures) for the security platforms.
Keep department management informed on progress, issues, and opportunities; promptly alert management of any potential security breaches or risks impacting business operations.
Develops strategies to optimize AI usage within SIEM platform and identifies opportunities to enhance operations using AI.
Develops and implements strategies in partnership with engineering support teams to increase the efficiency of the SIEM and maximize the cost.
Partners closely with the SOAR team to increase automation opportunities across the broader security organization.
Develops relationships across Vanguard IT and business teams to help solve complex data challenges.
Mentor junior team members to improve their technical acumen and SIEM expertise.
Participates in special projects and performs other duties as assigned.