Senior SIEM Engineer

Architecture, Security, Splunk, SIEM, Cyber security, Cloud
Full Time
$120,000 - $150,000
Work from home available. Travel not required.

Job Description

Core Responsibilities:

  • SIEM Project Engineering, Implementation, and Support
    • Act as a security information and event management (SIEM) system Subject Matter Expert (SME) to architect, engineer, implement, and support organization and customer projects.
    • Interact with stakeholders in gathering requirements, onboarding data sources, configuration, and optimization of the SIEM suite of tools including products such as Splunk Enterprise Security.
    • Design and develop custom, complex search queries to support advanced searching, forensics, and analytics.
    • Design and develop dashboards, data models, reports, and visualizations, and perform performance optimization.
    • Architect, design, support, and maintain high-availability, distributed, multi-clustered, and multi-tenant Splunk deployment environments.
    • Provide support for SIEM deployment and server infrastructure analysis, optimization, and capacity planning.
    • Provide support for onboarding and maintaining a wide variety of data sources to include various OS, appliance, and application logs.
    • Drive ongoing improvement of processes for integrating SIEMs and ingesting data.
    • Develop and provide documentation on SIEM architectures, technical designs, data flows, as-built documents, and SOPs.
    • Other duties as assigned.
  • Business Development
    • Assist with project Level of Effort (LoE) creation and scoping.
    • Serve as a SME on Splunk and other SIEMs to assist with business development proposals.
  • Internal Security Work Prioritization, Planning, and Scheduling Meetings
    • Attend project specific planning meetings for projects with a vested interest.
    • Attend weekly team planning meetings.
    • Attend daily standups.
  • Personal Growth and Development
    • Continual professional growth in the security field through the pursuit of Splunk and other vendor specific certifications.
    • Expand skillset in soft skills, leadership, and management through continual personal development, specifically using the Skyline library, participation in Skyline training, or additional methods.
    • Attend Splunk conferences for personal development and networking opportunities.
    • Attend One-on-Ones, performance management, and interviews.
What We're Looking For

Education and Experience Requirements

  • At least seven (7) years of experience in an information technology related field.
  • At least three (3) years of progressive experience in engineering, implementation, and support of security information and event management technologies.
  • Bachelor’s degree from an accredited college or university with a major in Cyber Security, Computer Science, Information Systems, Engineering, or a related scientific or technical discipline.
  • At least ten (10) years of experience in an information technology related field in lieu of a Bachelor’s degree.

Technical Skills Requirements

Required Skills/Certifications:

  • Strong demonstrated experience with Splunk and Splunk Enterprise Security.
  • Strong demonstrated experience with SIEM architecture, design, and implementation.
  • Demonstrated experience with operational and security hardening configuration for SIEM solutions.
  • Demonstrated experience with configuration management and change control for SIEM solutions.
  • Demonstrated experience managing and troubleshooting SIEM systems in Windows and various Linux distributions.
  • Scripting experience with one or more of the following languages: PowerShell, Bash, Shell, and/or Python.
  • CompTIA Security+ certification.
  • Splunk certifications, for example: Splunk Power User, Splunk Enterprise Admin, Splunk Enterprise Architect, and Splunk Enterprise Security Admin.

Desired Skills/Certifications:

  • Splunk Certified Core Consultant certification.
  • Experience with cloud environments such as AWS, Azure, and/P, and cloud security architecture.
  • Experience with other SIEM programs such as ELK and Azure Sentinel.
  • Experience in project task technical analysis, planning, and estimation.
  • Experience with technology capabilities market research, technical analysis/review, and recommendation.
Dice Id : 90956506
Position Id : 6931616
Originally Posted : 2 months ago