Location
Richmond Hill, ON | Canada
Job description
One of my clients working in the technology industry is looking for their next Sr SIEM Engineer (F/M).
Location: Richmond Hill
Availability/Duration: ASAP + 3-months CONTRACT position
Work organization: Hybrid (3 days in the office/ 2 days on remote)
The Senior SIEM Engineer is a member of the Information Protection Center providing subject expertise. You are responsible for the health, performance, and capacity planning of our SIEM platform, including the management and operation of the SIEM infrastructure. This hands-on role requires a deep technical knowledge of security technologies, and you must have a solid understanding of information security and networking.
You are great at:
- Providing subject expertise for all SIEM components and design.
- Researching, documenting, and implementing security best practices to continually improve the deployment and use of the SIEM.
- Coordinating and conducting event collection, log management, event management, and compliance automation.
- Researching, analyzing, and understanding common and complex log sources.
- Providing expert guidance regarding the implementation of rules and event correlation for the SIEM environment.
- Developing detection rules to support alerting and response capabilities for our SOC services.
- Providing day to day event parsing and repairing of events that have missing or incorrect information.
- Troubleshooting issues with log sources or systems, with internal IT teams and vendors, providing resolution to defects or performance issue as needed.
- Creating detailed reports on the status of the SIEM that also includes metrics on items such as number of logging sources; log collection rate, and server performance.
- Design and build dashboards in the SIEM.
- Develop, implement, and execute standard procedures for the administration, management, and lifecycle of the SIEM.
- Participating in incident response and technical investigations as needed.
- Performing in-depth analysis of current threat activity and trends
- Mentoring and training security team members on the SIEM deployment and operation.
- Providing support for audits and gathering of artifacts for ISO27001, PCI, SOC1 & SOC2, etc.
What it takes:
- BS in Computer Science, Cybersecurity, Information Assurance, or Information Security preferred.
- 3–5 years SIEM experience, which includes leading SIEM deployments and optimization.
- Minimum 2 years working experience with LogRhythm and/or Splunk.
- Experience working with major Cloud providers is preferred.
- Understands and can articulate how the SIEM platform and service provides value to the company.
- Experience in a large enterprise environment analyzing security event data for attack patterns and understanding attacker tactics.
- Experience in developing SIEM correlation rules to detect new threats beyond current capabilities.
- Working with knowledge of Threat intelligence to interpret IOC’s and translating them for the alert to SIEM.
- Understanding of OSI layers, network protocols (IP, ICMP, TCP, UDP), network services (DNS, DHCP, routing protocols
- Scripting skills (Python, PowerShell, Regular Expressions, Lua)
- Experience with Windows and Linux Operating Systems
- Experience creating and refining metrics to articulate and measure program performance.
- Able to work independently and efficiently, as well as with others, to meet deadlines in a fast-paced environment.
- Self-motivated and detail-oriented.
- Possess excellent writing and communication skills.
- CISSP, GCIH, CISA, CISM, or other industry certifications are preferred.
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or contact [email protected] .
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.
Job tags
Salary