Overview
On Site
USD 98,400.00 - 163,500.00 per year
Full Time
Skills
Event Management
Data Processing
Routing
Advanced Analytics
Computer Science
Information Technology
Cloud Computing
Unix
Command-line Interface
Cloud Security
Computer Networking
Firewall
Endpoint Protection
IDS
IPS
Vulnerability Management
Linux
Microsoft Windows
Database
Data Storage
Amazon S3
Data Lake
Amazon EC2
Terraform
Ansible
Puppet
Orchestration
Docker
Kubernetes
Amazon Web Services
Continuous Integration
Continuous Delivery
Splunk
Information Security
CISSP
CISM
SQL
System Administration
IT Security
ISO 9000
Scripting
Python
Windows PowerShell
Project Management
Agile
Attention To Detail
ITIL
Systems Engineering
Service Delivery
Strategic Leadership
Regulatory Compliance
Evaluation
Modeling
Business Strategy
Tier 3
Cyber Security
Analytics
Dashboard
Communication
Security Architecture
Security Engineering
Threat Analysis
Incident Management
Use Cases
Management
Collaboration
Scrum
Documentation
Service Management
Privacy
Continuous Improvement
SIEM
Storage
Workflow
Lifecycle Management
SAP BASIS
Law
Health Care
Life Insurance
Insurance
Job Details
Job Description
This Senior Security Engineer will be part of the Cyber Analytics and Automation team for our Security Information and Event Management (SIEM) platform. In this role you will be responsible for designing, implementing, and maintaining the architecture of our SIEM and related platforms to enhance our cybersecurity posture. You will also leverage your expertise in data processing and routing platforms to provide specialized support for the development of advanced analytics to support our Insider Threat and Cyber Incident Response teams.
CANDIDATE PROFILE
Education and Experience
Required:
Bachelor's degree in Computer Sciences or related field or equivalent experience/certification
7+ years of experience in Information Technology including:
4+ years of experience in an information security function
3+ years of experience with Splunk
Splunk Cloud Certified Admin
Cribl Certified User
Demonstrated knowledge of the Unix/Linux command line and command line utilities.
Familiarity with cloud security, threat intelligence platforms, and modern security architectures.
Subject matter expert in management and hands-on implementation of SIEM solutions.
Strong level of familiarity with common enterprise infrastructure systems, services and concepts pertaining to general networking, next-gen firewalls, endpoint protection, IDS, IPS, vulnerability management, Linux and Windows OS, databases, logging platforms.
Strong knowledge of AWS services, especially around data storage (e.g. S3, Data Lake) and compute (e.g. EC2) related services.
Working knowledge of Infrastructure as Code tools (e.g. Terraform, CloudFormation).
Working knowledge of IT and infrastructure automation tools (e.g. Ansible, Puppet).
Working knowledge of container/container orchestration technologies (e.g. Docker, Kubernetes, AWS EKS).
Strong working knowledge of CI/CD process and tools.
Preferred:
Splunk Enterprise Certified Architect
Cribl Certified Admin - Stream
Current advanced information security certifications (e.g., CISSP, CISM, GIAC).
Familiarity-level (or greater) skill in SQL
Background in IT security/systems administration or IT security/systems engineering
Working knowledge of frameworks such as MITRE ATT&CK, NIST CSF, and ISO/IEC 27001.
Experience with scripting/programming (Python, PowerShell, etc.) and automation.
Hands-on experience with the configuration and management of Rsyslog or Syslog-ng
Project management skills, with an understanding of core Agile principles
Detail-oriented work style, well versed in ITIL best practices for security systems engineering lifecycle management and service delivery.
CORE WORK ACTIVITIES
Strategic Leadership:
Designs, engineers and implements solutions and integrations to meet security requirements pertaining to logging and monitoring functions.
Analyzes and manages performance and health of SIEM platform and requisite services.
Provides technical oversight, standardization and regular review of SIEM platform and requisite services for compliance with security and privacy policies.
Participates in the evaluation and selection of security service products.
Utilizes capability modeling to align systems strategy and planning with business strategy and goals.
Provides tactical direction to stakeholders pertinent to security logging and monitoring functions.
Technical Execution:
Provides tier-3 support for operational escalations or technical issues impacting SIEM or related platforms.
Collaborates with Security Architecture and Engineering teams to ensure detection coverage aligns with cybersecurity risks and business priorities.
Develops and maintains architectural diagrams for newly onboarded security tools.
Develops analytics, correlation searches, dashboards, reports and alerts within the SIEM and related platforms.
Provides after hours support as needed during on-call rotation.
Collaboration and Communication:
Works closely with Security Architecture, Security Engineering, Threat Intelligence and the Cyber Incident Response Team to help develop solutions that address emerging threats, support requested service enhancements, and support the development of new threat detection use cases.
Coordinates with service providers on infrastructure management and maintenance operations.
Engages and collaborates with other security engineers and architects as needed to keep pace with the evolution of corporate infrastructure and applications, and shares that knowledge with peers as appropriate.
Attends Scrum and prioritization meetings to review and update deliverables.
Produces and regularly updates documentation for SIEM service management and SOPs pursuant to security and privacy policy.
Continuous Improvement:
Continuously evaluates the effectiveness of the SIEM and related platform and requisite services to identify operational improvements, reduce costs, increase performance and automate where possible.
Continuously evaluates searches, scheduled searches, and other activities to identify opportunities to optimize storage and compute and reduce costs.
Contributes to the development and refinement of detection engineering standards, workflows, and best practices.
Follows best practices pertaining to lifecycle management.
At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law.
About Us
All positions offer a 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.
Full-time positions also offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave and educational assistance.
Washington Applicants Only: Employees will accrue paid sick leave, 0.077 PTO balance for every hour worked and be eligible to receive a minimum of 9 holidays annually.
Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.
About the Team
Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.