SIEM Engineer / Architect.
Summary
Title: SIEM Engineer / Architect.
ID: 4109
Location: Various (CONUS)
Clearance: Secret
Description

Netorian is seeking a SIEM Engineer / Architect.

Employment Type:

  • Full-Time, exempt.

Compensation:

  • Competitive, based on experience and qualifications.

Location:

  • Remote.

Travel:

  • 25%

Education:

  • Master’s degree, or demonstrated experience and delivery in information security, data management or computer science

Certifications:

  • Active professional security certifications (e.g. CISSP), open source project, security research or design/framework contributions, or other current initiatives around information management, data and content modeling and large data analytics.

Security Clearance:

  • All candidates must have an active DOD Top Secret Security Clearance and be SCI eligible
  • Must successfully pass a criminal background check and drug screening

Experience:

  • 7-10+ years of applied technology experience in defining strategy around security monitoring, incident management, regulatory compliance and process improvement.
  • 5+ years of hands-on experience creating rules, alerts, content and reports within a complex SIEM environment.
  • 3+ years’ experience with hands-on database engineering and support
  • Demonstrated expert level experience with HPE ArcSight, Splunk, and Hadoop, including log consolidation, correlation, content creation, workflow management and process improvement.
  • Excellent Unix / Linux skills required
  • Expert troubleshooting and break fix experience with SIEM environments required
  • Excellent written and verbal communication skills
  • Ability to rapidly understand client’s business strategies and possess the capability to apply creative problem-solving skills to deliver high impact solutions to meet their business needs.

Qualifications:

  • Familiarity with Cyber Kill Chain methodologies
  • Familiarity with Windows WEF Framework
  • Understanding of Network Firewalls, Load Balancers and Complex System Designs
  • Proficient with Software Development Life Cycles (e.g. ITSA, etc.)
  • Expertise in FLEXConnector framework development and strong Regex skills required
  • Good command of Python, Perl, SQL, Regex and Shell Scripting is preferred
  • Experience installing and maintaining open source log capture technologies such as Syslog-NG, Snare, LogStash, MSCOM, etc. is preferred
  • Ability to rapidly understand client’s business strategies and possess the capability to apply creative problem-solving skills to deliver high impact solutions to meet their business needs.

Description of Work:

The SIEM Engineer/Architect is a client-facing role, responsible for architecting SIEM solutions to improve the security value, service management, and scalability for our clients. A working knowledge of SIEM, threat trends and vectors, and IT/IS architectural design are required. The SIEM Engineer/Architect works under the supervision of Master SIEM Architects and Management while partnering with the client to deliver robust SIEM designs and implementations.

The SIEM Engineer/Architect works closely with the client to understand the current and target state of the SIEM and ensure that effective and efficient incident identification, resolution and root-cause analysis are achieved through productive implementation of the platform.

The successful candidate will be a strong technologist with a practical mind and creativity. The candidate must be able to effectively collaborate with the client’s Information Security and IT/IS teams and Master Architects to deliver optimal results for the client. Additionally, the candidate must be able to clearly and successfully communicate with a demonstrated understanding of business and technical requirements of the client.

Duties and responsibilities include:

  • Align with client needs, threat trends, and operational performance to identify opportunities for improvement/enhancement of their security operations center and infrastructure.
  • Partner with the client to evaluate existing log & data domains, SIEM processes and tools and effectiveness measures to identify critical elements, weaknesses and opportunities for improvement.
  • Work independently and in concert with others to architect solutions that have a measurable impact on security value, service management and client satisfaction.
  • Create architecture diagrams, workflow models and proposals/presentations for key stakeholders who have a wide range of business, security and IT experience.
  • Deliver high-level plans for architecting recommended solutions.
  • Coordinate with the client and key stakeholders to gather requirements and design the solutions to support those requirements.
  • Develop and create reference architectures and models with proper documentation.
  • Architect solutions to drive scalability, efficiency and automation, which may include changes to people, process and technology.
  • Provide remote consulting services via interactive client sessions to assist with implementation, support, and usage of multiple product vendors and technologies.
  • Perform other duties as assigned.

Organizational Alignment:

  • Role reports to Master Architect. It is a client-facing role that requires client travel. Requires working closely with Client IT Security and IT/IS Functions in addition to Netorian’s internal team. This role does not have any direct reports.

 

This opening is closed and is no longer accepting applications
Netorian, LLC
210 Research Boulevard, Suite 260J
Aberdeen, MD 21001
Info@Netorian.com
+1 (844) 638-6742

Committed to Quality - ISO 9001:2015 certified.