SIEM Engineer

Remote • Posted 2 hours ago • Updated 2 hours ago
Contract Independent
Contract W2
Contract Corp To Corp
12 Months
No Travel Required
Remote
Depends on Experience
Fitment

Dice Job Match Score™

👤 Reviewing your profile...

Job Details

Skills

  • Access Control
  • Analytics
  • Backup
  • Bash
  • CISSP
  • Cloud Computing
  • Collaboration
  • Computer Networking
  • Cyber Security
  • Dashboard
  • Data Modeling
  • High Availability
  • Incident Management
  • Knowledge Transfer
  • Lifecycle Management
  • Linux
  • Log Management
  • Management
  • Microsoft Windows
  • Network
  • Normalization
  • Onboarding
  • Optimization
  • Palo Alto
  • Python
  • Recovery
  • Regulatory Compliance
  • Reporting
  • Routing
  • SIEM
  • SaaS
  • Scripting
  • Security Architecture
  • Security Operations
  • Security+
  • System On A Chip
  • Systems Design
  • Technical Writing
  • Threat Analysis
  • Tier 1
  • Tier 3
  • Workflow

Summary

Job Id: SC-12751

Remote SIEM Engineer (CISSP/Security+/GIAC/SIEM/Cortex/CRIBL/15+) with Palo Alto Cortex XSIAM/XDR (must), CRIBL data modeling, Log pipeline design/parsing/normalization/enrichment/routing/ingestion, Python/Bash, telemetry troubleshooting experience

Location: Columbia, SC (ADMIN)
Duration: 12 Months

Work Location: Role is 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.
Candidate location: No South Carolina residency required. Open to nationwide candidates. All travel-related costs for onsite work will be the responsibility of the resource no matter the frequency of onsite work.

Skills:
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
HANDS-ON PALO ALTO CORTEX XSIAM AND CORTEX XDR DESIGN, IMPLEMENTATION, ADMINISTRATION AND OPERATIONAL SUPPORT.
Experience engineering and supporting SIEM capabilities for multi-tenant environments and 247 Security Operations Center operations.
Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting and alert suppression logic.
Strong experience creating and managing complex playbooks
CRIBL DATA MODELING, LOG PIPELINE DESIGN, PARSING, NORMALIZATION, ENRICHMENT, ROUTING AND INGESTION.
Experience developing automation, integrations, playbooks and response workflows using scripting languages such as Python and Bash.

Experience onboarding and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows and custom application sources.
Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design and industry-standard cybersecurity frameworks.

REQUIRED EDUCATION/CERTIFICATIONS:
BACHELOR S DEGREE IN AN
INFORMATION TECHNOLOGY OR
INFORMATION SECURITY RELATED
FIELD
EIGHT YEARS OF RELEVANT WORK
EXPERIENCE MAY BE SUBSTITUTED IN LIEU OF EDUCATION
FIVE YEARS OF EXPERIENCE IN SUPPORTING LARGE IT ENVIRONMENTS AND/OR SYSTEM DEPLOYMENTS

PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
HANDS-ON EXPERIENCE OPERATING CORTEX XSIAM AND CORTEX XDR IN A LARGE, MULTI-TENANT ENVIRONMENT.
Hands-on Cribl administration, data modeling and log pipeline optimization experience.
Experience supporting Tier 1 through Tier 3 SOC analysts, threat hunting, incident response and 247 operational handoffs.
Familiarity with industry-standard security and compliance frameworks and experience developing playbooks, runbooks, procedures and technical documentation.

PREFERRED EDUCATION/CERTIFICATIONS:
CISSP, Security+ or GIAC certification
Palo Alto Cortex, Cribl or other relevant SIEM/security platform certification

Job Description:
DAILY DUTIES / RESPONSIBILITIES:
THIS POSITION IS 100% REMOTE AND WILL PARTICIPATE IN A MONTHLY ON-CALL ROTATION SUPPORTING A 24X7 SECURITY OPERATIONS CENTER SERVING MULTIPLE STATE AGENCIES. OTHER AFTER-HOURS WORK MAY BE REQUIRED AS NEEDED.

PRIMARILY ASSIST IN THE PLANNING, DESIGN, DEPLOYMENT, ADMINISTRATION AND OPERATIONAL SUPPORT OF ENTERPRISE SIEM AND XDR CAPABILITIES, INCLUDING:
PALO ALTO CORTEX XSIAM AND CORTEX XDR PLATFORM ENGINEERING, CONFIGURATION, OPTIMIZATION AND TROUBLESHOOTING
MULTI-TENANT AGENCY ONBOARDING, TENANT-SPECIFIC CONFIGURATION, ROLE-BASED ACCESS, DATA SEGREGATION, DASHBOARDS AND REPORTING
DETECTION ENGINEERING, CORRELATION RULES, ANALYTICS, THREAT-HUNTING QUERIES, WATCHLISTS, SUPPRESSION LOGIC AND FALSE-POSITIVE REDUCTION

SECONDARILY ASSIST IN THE PLANNING, DESIGN, DEPLOYMENT AND OPERATIONAL SUPPORT OF LOG MANAGEMENT AND SECURITY DATA PIPELINES, INCLUDING:
CRIBL DATA MODELING, LOG PIPELINE DESIGN, ROUTING, PARSING, NORMALIZATION, ENRICHMENT, FILTERING, REPLAY AND INGESTION
ONBOARDING AND HEALTH MONITORING OF CLOUD, ENDPOINT, NETWORK, IDENTITY, SAAS AND CUSTOM APPLICATION TELEMETRY
LOG VOLUME, RETENTION, PERFORMANCE AND COST OPTIMIZATION WHILE MAINTAINING SECURITY AND COMPLIANCE REQUIREMENTS
INTEGRATIONS WITH TICKETING, CASE MANAGEMENT, NOTIFICATION, IDENTITY, THREAT INTELLIGENCE AND OTHER ENTERPRISE SYSTEMS AS NEEDED

DEVELOP, TEST, DEPLOY AND MAINTAIN AUTOMATED RESPONSE WORKFLOWS AND PLAYBOOKS FOR ENRICHMENT, TRIAGE, CONTAINMENT, ESCALATION, NOTIFICATIONS, CASE MANAGEMENT AND INCIDENT RESPONSE.
CREATE AND MAINTAIN OPERATIONAL RUNBOOKS, STANDARD OPERATING PROCEDURES, ESCALATION MATRICES, TROUBLESHOOTING GUIDES, ARCHITECTURE DIAGRAMS, DATA-FLOW DOCUMENTATION, USE-CASE CATALOGS AND ANALYST KNOWLEDGE ARTICLES.
SUPPORT TIER 1 THROUGH TIER 3 SOC ANALYSTS AND INCIDENT RESPONDERS THROUGH PLATFORM TROUBLESHOOTING, DETECTION TUNING, THREAT HUNTING, TECHNICAL ESCALATION, KNOWLEDGE TRANSFER AND SHIFT HANDOFFS.
MONITOR AND REPORT ON INGESTION HEALTH, PLATFORM AVAILABILITY, ALERT VOLUMES, DETECTION COVERAGE, FALSE POSITIVES, SERVICE LEVELS, MEAN TIME TO DETECT, MEAN TIME TO RESPOND AND TENANT-SPECIFIC OPERATIONAL METRICS.
ENSURE HIGH AVAILABILITY, RESILIENCE, BACKUP, RECOVERY, LIFECYCLE MANAGEMENT AND CONTROLLED CHANGE PROCESSES FOR SIEM, XDR AND SUPPORTING LOG PIPELINE SERVICES.
COLLABORATE WITH SECURITY ARCHITECTS, ENGINEERS, ANALYSTS AND AGENCY STAKEHOLDERS TO ALIGN SOLUTIONS WITH BUSINESS GOALS, INDUSTRY-STANDARD FRAMEWORKS, REGULATORY REQUIREMENTS AND ORGANIZATIONAL RISK TOLERANCE.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10456060
  • Position Id: SC-12751
  • Posted 2 hours ago
Contact the job poster
Sunny Singh

Sunny Singh

Recruiter @ Innosoul inc
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Remote or South Carolina

Today

Easy Apply

Contract

Remote

Today

Easy Apply

Contract

$80 - $110

Remote or Columbia, South Carolina

Today

Easy Apply

Third Party, Contract

$$80/hr on W2

Remote

Today

Easy Apply

Contract

70 - 89

Search all similar jobs