Skip to content
mimi
All jobs

SIEM Engineer

Jose Merciline

Baltimore · On-site Full-time Mid Level 1mo ago
Apply with a tailored resume Save job

About the role

About

The SRT DevOps team is seeking an engineering-minded cyber-security engineer that has hands on experience creating and maintaining analytics in a SIEM platform. This DevOps engineer will collaborate with other developers and SMEs in an agile environment to develop state-of-the art detection and automated response capabilities to counter cybersecurity threats, including:

Responsibilities

  • Support current Arc Sight solution and lead effort to migrate detection rules to Splunk ES
  • Migrate all ArcSight contents to Splunk knowledge objects
  • Work with engineering teams on field extractions and validation of logs
  • Onboarding and normalizing log and reference data-sources needed for analytics
  • Creation of analytics in Splunk and Splunk Enterprise Security
  • Improvement and fine-tuning of analytics
  • Creating data dictionaries for log sources
  • Operational support for production platforms through health monitoring and root-cause troubleshooting

Skills Required

  • 3+ years of SIEM experience
  • Excellent knowledge of ArcSight ESM, creating rules, filters, and active lists
  • Excellent knowledge of Splunk and ES (Searching, Reporting, Alerting, Dashboards, Correlation searches)
  • 3+ years of blue-team operational security experience within a SOC or MSSP
  • 2+ years of software development experience related applied to the above
  • Experience using SOAR platforms and Python scripts to automate incident response
  • Experience creating and maintaining analytics for security use-cases in Splunk and Splunk ES
  • Experience analyzing data, developing alerts, and designing dashboards for security operations
  • Comfortable with Unix and Windows CLI
  • Experience analyzing infrastructure and application log sources
  • Knowledge of CIM and experience normalizing data to the common information model
  • Desired experience writing automation scripts in Python
  • Good Understanding of regular expressions
  • Familiarity with the SDLC and proven experience deploying software into a production environment
  • Experience with streaming data using Rsyslog, Syslog-NG, Nifi and Kafka
  • Splunk Certified Consultant / Splunk Certified Enterprise Security Certified Admin
  • Ability to work in a globally distributed team
  • Excellent written and verbal communication skills
  • Passionate interest in cyber security

Skills

ArcSightCIMKafkaNifiPythonRsyslogSOARSplunkSyslog-NGUnix CLIWindows CLI

Similar roles

Principal Information Security Systems Engineer (ISSE)

Serco

Senior Database Engineer

Glencore AG

Software Engineer (Rust)

Spire

$131k – $171k/yr

Don't send a generic resume

Paste this job description into Mimi and get a resume tailored to exactly what the hiring team is looking for.

Get started free