Description

Responsibilities:

Assesses, formulates, and executes tasks related to Security Information and Event Management (SIEM), IDS/IPS, Privileged Account Management, Certificate Lifecycle Management, WAF, NDR, CI/DI, AIP, EDR, HSM, Threat Analytics, and other cybersecurity tools. Partners with Cyber Operations, IAM, Cyber Architecture, Network Services, DevOps, Risk Governance, and the Business to deliver initiatives within established milestones and budget. Assists the Cybersecurity Engineering Team with an array of security engineering duties.

Requirements:

Bachelor's degree in information technology, cybersecurity, or a related field. Experience in Elastic end-to-end administration, syslog server administration, and SIEM technologies (e.g., Devo). 5+ years of experience in IT Security or Information Technology. 3 to 5 years of experience with SIEM at the enterprise level. Experience with tools such as Google Chronicle, Devo, or Elasticsearch. Collaborate with diverse IT and business stakeholders to design and maintain production-quality log management/SIEM reports, facilitating data analysis and visualization. Experience with SIEM integration in cloud environments such as AWS, Azure, or Google Cloud Platform, and the ability to secure cloud-native workloads and monitor cloud infrastructure using SIEM tools. Experience in scripting languages such as Python, PowerShell, or Bash, with strong knowledge of regular expressions, allowing for the development of automation scripts and playbooks that streamline SIEM operations and enhance efficiency. Experience in designing and developing REST APIs, demonstrating the ability to create robust and scalable solutions that effectively communicate and interact with other systems and applications.

Experience working with syslog servers, including proficiency in configuring, fine-tuning, and maintaining syslog-ng or rsyslog, and the ability to troubleshoot and promptly resolve issues related to syslog systems, ensuring the reliable collection, processing, and storage of log data. Experience authoring security runbooks, policy, and best-practice documentation, and implementing SOAR platforms. Develop and maintain comprehensive documentation pertaining to log management/SIEM infrastructure configuration and operational processes. Possess advanced system administration skills, particularly with Linux operating systems. Understanding of the tactics, techniques, and procedures associated with cyber threats, and the ability to develop relevant alerting, countermeasures, and threat hunting techniques. Exhibit a strong work ethic, excellent discretion and judgment, a comprehensive understanding of industry standards, IT tools, and processes, and foundational knowledge of computer networking.

Education

ANY GRADUATE