Contract to Hire (6 months, converting to Full Time)
Salary conversion: $125K-$140K
100% Remote
Our client has a contract-to-hire opportunity for a SIEM Engineer.
- We use Sumo Logic but it is not the most popular tool, so I would be surprised to find someone with experience in that. But Splunk, ELK, Logstash, etc. should be on the resume.
- SIEM Engineer for Cloud Operations
Position Description:
- Security Engineer specializing in SIEM platforms (preferably SumoLogic) with a primary focus on security monitoring and alerting, including the collection and analysis of data to identify suspicious activity and improve the organization's security.
- The engineer will be responsible for administering, configuring, and monitoring the SIEM solution to maintain and improve the security posture of our Cloud operations. The engineer will possess solid experience in the SOC/SIEM domain in accordance with the NIST 800-53 security framework.
- The engineer will be responsible for being able to communicate and report status in a concise, summarized and effective manner to management.
- The position also requires solid technical skill and experience in a Linux environment and a demonstrated working knowledge of the Linux OS, automation, and troubleshooting.
- Candidate must be a U.S. Citizen living in the US. Work is 100% remote so must be able to work independently while maintaining close and effective relationships with the entire team.
- The work is fast paced in a rapidly evolving environment.
- This is a tremendous opportunity to work and collaborate with highly talented people.
Job Responsibilities:
- Develop and implement an internal SIEM solution, with strong experience in assessing and implementing SIEM and other tools and processes for a Security Operations Centre (SOC).
- Develop content for a growing SIEM infrastructure. This includes dashboards, reports, rules, filters, trends, and alerts.
- Use the SIEM in daily operational work, which includes but is not limited to administering, operating, and managing the SIEM solution, and regularly checking the health of log sources, parsers, alerts, reports, etc. to ensure the solution is operating as planned.
- Monitor SIEM and other event sources, assess, prioritize, escalate, and manage security alerts.
- Perform analysis of security and application logs, correlate events and activities, and create threat scenarios to get ahead of threat actors and reduce exposure.
- Lead the incident response function across the cloud environment in accordance with NIST 800-53 requirements/controls.
- Interpret threat intelligence into actionable security actions across tools such as firewall, IPS and malware detection across multiple security vendor platforms.
- Continuously track and resolve security incidents and collaborate with cloud operations and ISSM for resolution and suggest areas for improvement.
- Must have experience building custom connectors/parsers, etc. for IT assets that are not supported out of the box.
- Own and operate security solutions to protect against cyber threats and attacks.
- Continuous fine-tuning of our security solutions to reduce the occurrence of false positive and false negative alerts.
- Review and update the System Security Plan (SSP) and associated artifacts.
- Provide support to the Authorizing Official (AO) and System Owner in maintaining an appropriate operational information assurance (IA) posture for the CISO.
- Plan, manage, and document the reports for Incident Response testing/validation exercises.
- Manage, support, and document activities for Annual Assessments and Significant Change Events.
- Must have extensive knowledge of any SIEM solution like QRadar, Splunk, ELK, SumoLogic, etc.
- Working knowledge and experience with SumoLogic a plus
- Must have working knowledge of Malware detection solutions McAfee/Trellix, TrendMicro, Symantec, etc.
Ideal Candidate will have deep technical knowledge of the following:
- System security and SIEM implementation experience
- In-depth experience and understanding of Security Event Management – both from a technology/tool as well as process perspective.
- Demonstrated knowledge of TCP/IP networking and major protocols such as: HTTP, SSL/TLS, DNS, SMTP
- Demonstrated experience and expertise with several of the following technologies: SIEM, vulnerability scanning tools, File Integrity Monitoring, Data Loss Protection, etc.
- Development of security scripts in Linux / Windows environment for automated detection and scanning
- Network stream analysis using packet capture/reconstruction.
- Experience executing on NIST Incident Response Frameworks
- Current knowledge of security threats, solutions, security tools and network technologies
- An understanding of or proficiency in information security and compliance regulations (NIST, ISO 27001, GDPR)
- Demonstrated ability of effective problem-solving and troubleshooting of technical issues.
- Fluency in English, written and spoken, is necessary.
- Excellent documentation skills
- Must be able to work independently and as a collaborator.
Education & Qualifications:
- 2 to 5 years as a Sr. SIEM Engineer
- Bachelor’s Degree in an IT related discipline
- In lieu of certifications, at least 2 years of information security, auditing, or risk management experience.