SIEM Engineer

Overview

Remote
Depends on Experience
Contract - W2
10% Travel

Skills

SIEM
Bash
Perl
Python
JavaScript
IDS/IPS
Firewalls
Endpoint Protection
Syslog
ArcSight
Qradar
Logrhythm
Exabeam
Securonix
DLP
Kafka
Splunk

Job Details

Job Title: (SIEM) Engineer
Start/End Dates: 12 months

Location: Remote (must be local to Birmingham, AL / Atlanta, GA / Nashville, TN / or Charlotte, NC.)

Position Summary:

Security Information and Event Management (SIEM) Engineer is responsible for managing and supporting the systems and content related to the SIEM and User Behavior Analytics (UBA) platforms.

Primary Responsibilities

Sources and onboards new data and leverages it to create valuable insights and solve problems as well as develop queries, dashboards, visualizations, reports, and alerts

Assists with investigations of suspicious activity, incident response, and corrective actions to improve security

Evaluates new technologies, enhancements, and process improvements to improve security

Maintains knowledge with current emerging technologies and advancements within Information Security

May provide expertise and solutions for others as a subject matter expert

Requirements

High School Diploma or GED and eight (8) years of related post-secondary education and/or experience in Information Security or Information Technology

Preferences

Advanced certification or training as an administrator or architect

Background or training in Information Security Operations and a firm grasp on concepts related to defending an enterprise

Experience building content such as alerts, dashboards, and reports

Experience with event monitoring/analytics platforms such as Splunk, ArcSight, Qradar, Logrhythm, Exabeam, or Securonix

Experience with event routing such as Syslog or Kafka

Experience with networking or network traffic analysis

Experience with one or more Information Security controls such as IDS/IPS, Firewalls, Endpoint Protection, DLP, or Application Security is ideal

Familiarity with log/data collection and management

Linux system administration experience

Skills and Competencies

Ability to work comfortably from a command line

Effective written and verbal communication skills

Strong organizational, research, analytical and/or problem-solving skills to evaluate situations, make recommendations, and take effective action

Strong technical, investigative, and analytical skills

Working knowledge and experience with one or more scripting languages: Bash, Perl, Python, JavaScript

*While this position will primarily work offsite, the associate must be located within a reasonable driving distance (75 miles or less) of Birmingham, AL / Atlanta, GA / Nashville, TN / or Charlotte, NC.

We are seeking a skilled and experienced Threat Detection SIEM Engineer with expertise in Splunk to join our dynamic team. As a Threat Detection SIEM Engineer, you will be responsible for the design, implementation, and management of our Security Information and Event Management (SIEM) platform, with a focus on threat detection and log analysis using Splunk. You will collaborate with cross-functional teams to proactively detect and respond to potential security threats and ensure the overall security of our organization's digital assets. The ideal candidate possesses a strong background in cybersecurity, SIEM technologies, and hands-on experience with Splunk.

Responsibilities:

Design, deploy, configure, and manage the SIEM infrastructure using Splunk to ensure effective and efficient threat detection and incident response capabilities.

Collaborate with internal stakeholders to identify and define SIEM use cases, threat detection rules, alerts, and correlation rules based on industry standards and best practices.

Develop and maintain content for SIEM platforms, including parsers, connectors, dashboards, and reports.

Monitor and analyze security events and logs to identify potential security incidents, intrusions, and vulnerabilities.

Investigate and respond to security alerts generated by the SIEM system, and initiate incident response procedures as required.

Conduct advanced log analysis and perform forensic investigations to identify indicators of compromise (IOCs) and patterns of malicious activity.

Develop and maintain incident response playbooks and procedures, and participate in incident response activities as needed.

Collaborate with the security operations team to ensure timely incident resolution and effective containment of security breaches.

Conduct periodic reviews and assessments of SIEM configurations, rules, and processes to identify areas for improvement and optimization.

Stay up to date with the latest industry trends, threat intelligence, and emerging technologies in the field of SIEM and threat detection.

Provide guidance, training, and knowledge transfer to junior team members on SIEM engineering and Splunk best practices.