SIEM Security Engineer
Ref No.: 18-24093
Location: New York, New York
Position Type: Full Time/Contract
Start Date: 04/10/2018
Must Have:
8-10 years' experience (IT Security)
Linux administration
At least two of the following programming languages perl/python/shell/sql
Experienced with regex and various parsing methods
Direct experience as a Splunk administrator
Familiar with Splunk architecture and its various components (indexer, forwarder, search head, deployment server), including Heavy and Universal forwarders.
Experience with Splunk Enterprise Security (ES)
Building complex queries and optimizing searches for better performance.
Creating and managing apps; creating users, roles, and permissions for knowledge objects.
Developing Field Extraction, Transformation and Loading (ETL) processes

Good to have:
SIEM technologies: Splunk, ArcSight, QRadar
Security Certifications: CISSP, SANS (GCIA or similar)

Responsibilities:
Change management:
Prepare, document, implement and verify changes, including communicating changes to end users and other impacted parties

Incident, Problem management:
Conduct Root Cause Analysis (RCA), respond to incidents and participate in post-mortem analysis

Tooling:
Design and implement monitoring solutions on various platforms
Handle complex reporting requests from senior management and regulators
Automate repetitive and manual processes

Product onboarding:
Work on defining Roles & Responsibilities (RACI) by designing and implementing a support model
Build functional QA/UAT environments and train L1/L2 teams

Infrastructure support:
Manage the code base and configuration via various version control systems