| Title: | SIEM Engineer / Architect |
|---|---|
| ID: | 4109 |
| Location: | Various (CONUS) |
| Clearance: | Secret |
Netorian is seeking a SIEM Engineer / Architect.
Employment Type:
- Full-Time, exempt.
Compensation:
- Competitive, based on experience and qualifications.
Location:
- Remote.
Travel:
- 25%
Education:
- Master’s degree, or demonstrated experience and delivery in information security, data management or computer science
Certifications:
- Active professional security certifications (e.g., CISSP), open source project, security research or design/framework contributions, or other current initiatives around information management, data and content modeling, and large-scale data analytics.
Security Clearance:
- All candidates must have an active DOD Top Secret Security Clearance and be SCI eligible
- Must successfully pass a criminal background check and drug screening
Experience:
- 7-10+ years of applied technology experience in defining strategy around security monitoring, incident management, regulatory compliance and process improvement.
- 5+ years of hands-on experience creating rules, alerts, content and reports within a complex SIEM environment.
- 3+ years of hands-on experience with database engineering and support
- Demonstrated expert level experience with HPE ArcSight, Splunk, and Hadoop, including log consolidation, correlation, content creation, workflow management and process improvement.
- Excellent Unix / Linux skills required
- Expert troubleshooting and break/fix experience with SIEM environments required
- Excellent written and verbal communication skills
- Ability to rapidly understand client’s business strategies and possess the capability to apply creative problem-solving skills to deliver high impact solutions to meet their business needs.
Qualifications:
- Familiarity with Cyber Kill Chain methodologies
- Familiarity with Windows WEF Framework
- Understanding of Network Firewalls, Load Balancers and Complex System Designs
- Proficient with Software Development Life Cycles (e.g., ITSA)
- Expertise in FLEXConnector framework development and strong Regex skills required
- Good command of Python, Perl, SQL, Regex and Shell Scripting is preferred
- Experience installing and maintaining open source log capture technologies such as Syslog-NG, Snare, LogStash, MSCOM, etc. is preferred
Description of Work:
The SIEM Engineer/Architect is a client-facing role, responsible for architecting SIEM solutions to improve the security value, service management, and scalability for our clients. A working knowledge of SIEM, threat trends and vectors, and IT/IS architectural design are required. The SIEM Engineer/Architect works under the supervision of Master SIEM Architects and Management while partnering with the client to deliver robust SIEM designs and implementations.
The SIEM Engineer/Architect works closely with the client to understand the current and target state of the SIEM and to ensure that effective and efficient incident identification, resolution and root-cause analysis are achieved through productive implementation of the platform.
The successful candidate will be a strong technologist with a practical mind and creativity. The candidate must be able to effectively collaborate with the client’s Information Security and IT/IS teams and Master Architects to deliver optimal results for the client. Additionally, the candidate must be able to clearly and successfully communicate with a demonstrated understanding of business and technical requirements of the client.
Duties and responsibilities include:
- Align with client needs, threat trends, and operational performance to identify opportunities for improvement/enhancement of their security operations center and infrastructure.
- Partner with the client to evaluate existing log & data domains, SIEM processes and tools and effectiveness measures to identify critical elements, weaknesses and opportunities for improvement.
- Work independently and in concert with others to architect solutions that have a measurable impact on security value, service management and client satisfaction.
- Create architecture diagrams, workflow models and proposals/presentations for key stakeholders who have a wide range of business, security and IT experience.
- Deliver high-level plans for architecting recommended solutions.
- Coordinate with the client and key stakeholders to gather requirements and design the solutions to support those requirements.
- Develop and create reference architectures and models with proper documentation.
- Architect solutions to drive scalability, efficiency and automation, which may include changes to people, process and technology.
- Provide remote consulting services via interactive client sessions to assist with implementation, support, and usage of multiple product vendors and technologies.
- Perform other duties as assigned.
Organizational Alignment:
- Role reports to a Master Architect. It is a client-facing role that requires client travel. Requires working closely with client IT Security and IT/IS functions in addition to Netorian’s internal team. This role does not have any direct reports.