Location
Baltimore, MD | United States
Job description
Job Title: SIEM Engineer
Location: Hybrid remote to Baltimore, MD (EST hours); onsite 2-3 times a month minimum
Start Date: ASAP
Duration: 4 Month Contract
Day to Day
- Integrate various applications
- Onboarding alerting & routing the data to the platform
- Gap Analysis
- Configuration Alerts
- Python scripting
- Elasticsearch (Backend & front end)
- AWS
Must Haves
- In layman's terms, what does this person need to be doing in their job every day? What's the problem they are solving?
- Main focus of the position will be helping push the data through different platforms
- What type of experience is needed, and how does this experience translate to the actual role?
- Experience with SIEM integration in cloud environments
- UNIX
- Python Scripting
- Elasticsearch
- Security background
- AWS
- Top 3 Must Haves (what would this person need that, if they did not have this experience, they absolutely would not be considered?):
- Elasticsearch
- AWS
- Python scripting
- Good technical communication skills to interact w/ Business stakeholders
- Certifications: CISSP, CCSP, GCIA, GCIH, GMON, etc.
Senior SIEM Engineer
The SIEM engineer will build and automate high-confidence alert processes, perform log gap analysis, and tune detections to identify and remediate gaps in the current detection posture, thereby reducing the overall cyber risk exposure. The engineer will also be responsible for onboarding application security logs into the SIEM platform. They will also assist with prioritization and workload from infrastructure teams and data analysts to support the build/roll-out of other tools and integrations. They will also support written technical deliverables such as SOPs and/or process workflows to optimize tool usage and contribute to new capabilities. They will play a crucial role in delivering the infrastructure and data pipeline to threat analysts for their analysis and consumption. This team member will collaborate closely with internal teams and external/3rd-party organizations to empower the business.
Key Responsibilities
- Perform gap analysis of the current detections, proactively fine-tuning and optimizing their performance to identify and address areas for improvement, and automate workflows wherever necessary.
- Demonstrate proficiency in integrating applications (e.g., CrowdStrike, ExtraHop, and Filebeat) utilizing REST APIs, webhooks, and other secure methods for seamless integration.
- Partner with business application teams to assess and enhance logging capabilities for tailored monitoring and alerting features, while also working closely with vendor support to ensure efficient troubleshooting and resolution of SIEM platform-related issues.
- Utilize data modeling, processing, and transformations to enhance the utilization of scan and inventory results, generating actionable metrics, visualizations, and reports. Implement configuration, administration, development, scripting/coding, and data analytics using internal tools.
- Build and maintain strong working relationships with IT Engineering, End User Computing, Operations, and other stakeholders to remediate Information Security and/or Vulnerability Findings.
- Work with other industry experts on learning, exploring, and adapting new best practices.
- Maintain comprehensive documentation for all activities related to integrations and onboarding, ensuring clear and organized records of processes, configurations, and changes.
- Evaluate information to determine compliance with standards.
Required Skills and Experience
- Bachelor's degree in Information Technology, Cybersecurity, or a related field.
- Minimum 5 years of experience in IT Security or Information Technology.
- 3-5 years of experience working in a SIEM at the enterprise level.
- Experience with tools like Google Chronicle, Devo, or Elasticsearch.
- Collaborate with diverse IT and business stakeholders to design and maintain production-quality log management/SIEM reports, facilitating data analysis and visualization.
- Experience with SIEM integration in cloud environments such as AWS, Azure, or GCP; ability to secure cloud-native workloads and monitor cloud infrastructure using SIEM tools.
- Experience in scripting languages such as Python, PowerShell, or Bash, with strong knowledge of regular expressions, allowing for the development of automation scripts and playbooks to streamline SIEM operations and enhance efficiency.
- Experience in designing and developing REST APIs, demonstrating the ability to create robust and scalable solutions that effectively communicate and interact with other systems and applications.
- Experience working with syslog servers: proficiency in configuring, fine-tuning, and maintaining syslog-ng or rsyslog, and the ability to troubleshoot and promptly resolve issues related to syslog systems, ensuring the reliable collection, processing, and storage of log data.
- Experience authoring security runbooks, policy, and best-practice documentation, and implementing SOAR platforms.
- Develop and maintain comprehensive documentation pertaining to log management/SIEM infrastructure, configuration, and operational processes.
- Advanced system administration skills, particularly with Linux operating systems.
- Understanding of tactics, techniques, and procedures associated with cyber threats, and the ability to develop relevant alerting countermeasures and threat hunting techniques.
- Exhibit a strong work ethic, excellent discretion and judgment, and possess a comprehensive understanding of industry standards, IT tools, and processes, plus foundational knowledge of computer networking.
Preferred Skills and Experience
- Experience with industry-leading SIEM platforms such as Splunk, IBM QRadar, ArcSight, or LogRhythm, demonstrating familiarity with their features, capabilities, and administration.
- One or more relevant security certifications (CISSP, CCSP, GCIA, GCIH, GMON, etc.).