Cyber-Security SIEM Engineer
The SRT DevOps team is seeking an engineering-minded cyber-security engineer who has hands-on experience creating and maintaining analytics in a SIEM platform.
This DevOps engineer will collaborate with other developers and SMEs in an agile environment to develop state-of-the-art detection and automated response capabilities to counter cybersecurity threats, including:
#Support the current ArcSight solution and lead the effort to migrate detection rules to Splunk ES
#Migrate all ArcSight contents to Splunk knowledge objects.
#Work with engineering teams on field extractions and validation of logs
#Onboarding and normalizing log and reference data-sources needed for analytics
#Creation of analytics in Splunk and Splunk Enterprise Security
#Improvement and fine-tuning of analytics
#Creating data dictionaries for log sources
#Operational support for production platforms through health monitoring and root-cause troubleshooting
Skills required
#3+ years of SIEM experience.
#Excellent knowledge of ArcSight ESM, creating rules, filters, and active lists.
#Excellent knowledge of Splunk and ES (Searching, Reporting, Alerting, Dashboards, Correlation searches)
#3+ years of blue-team operational security experience within a SOC or MSSP
#2+ years of software development experience applied to the above
#Experience using SOAR platforms and Python scripts to automate incident response
#Experience creating and maintaining analytics for security use-cases in Splunk and Splunk ES
#Experience analyzing data, developing alerts, and designing dashboards for security operations
#Comfortable with Unix and Windows CLI from
#Experience analyzing infrastructure and application log sources
#Knowledge of CIM and experience normalizing data to the common information model
#Desired experience writing automation scripts in Python
#Good understanding of regular expressions
#Familiarity with the SDLC and proven experience deploying software into a production environment
#Experience with streaming data using Rsyslog, Syslog-NG, Nifi and Kafka
#Splunk Certified Consultant / Splunk Enterprise Security Certified Admin
#Ability to work in a globally distributed team
#Excellent written and verbal communication skills
#Passionate interest in cyber security