The SIEM Architect is a client-facing role, responsible for architecting SIEM solutions to improve the security value, service management, and scalability for our clients. A working knowledge of SIEM, threat trends and vectors, and IT/IS architectural design are paramount. This individual will work under the supervision of Master SIEM Architects and Management while partnering with the client to deliver robust SIEM designs and implementations.
This function will work closely with the client to understand the current and target state of the SIEM and ensure that effective and efficient incident identification, resolution and root-cause analysis are achieved through productive implementation of the platform.
The most successful candidate will be a strong technologist with a practical mind and creativity. This candidate must be able to effectively collaborate with the client’s Information Security and IT/IS teams and ThetaPoint Master Architects to deliver optimal results for the client. In addition, the SIEM Architect must be able to clearly and successfully communicate with a demonstrated understanding of business and technical requirements of the client.
- Align with client needs, threat trends, and operational performance to identify opportunities for improvement/enhancement of their security operations center and infrastructure.
- Partner with the client to evaluate existing log & data domains, SIEM processes and tools and effectiveness measures to identify critical elements, weaknesses and opportunities for improvement.
- Work independently and in concert with others to architect solutions that have a measurable impact on security value, service management and client satisfaction.
- Creation of architecture diagrams, workflow models and proposals/presentations for key stakeholders who have a wide range of business, security and IT experience.
- Deliver high-level plans for architecting recommended solutions
- Coordination with the client and key stakeholders to gather requirements and design the solutions to support those requirements.
- Proficient at developing and creating reference architectures and models with proper documentation.
- Architect solutions to drive scalability, efficiency and automation, which may include changes to people, process and technology.
- Provide remote consulting services via interactive client sessions to assist with implementation, support, and usage of multiple product vendors and technologies.
- Perform other duties as assigned.
- Role reports to Master Architect
- Client Facing role – will require client travel
- Work closely with Client IT Security and IT/IS Functions in addition to ThetaPoint internal team
- This role does not have any direct reports
- Master’s degree, or demonstrated experience and delivery in information security, data management or computer science
- 7-10+ years of applied technology experience in defining strategy around security monitoring, incident management, regulatory compliance and process improvement.
- Demonstrated expert level experience with HPE ArcSight, Splunk, and Hadoop, including log consolidation, correlation, content creation, workflow management and process improvement.
- 5+ years hands on experience creating rules, alerts, content and reports within a complex SIEM environment.
- Familiarity with Cyber Kill Chain methodologies
- Excellent Unix / Linux skills required
- Familiarity with Windows Event Forwarding (WEF)
- Understanding of Network Firewalls, Load Balancers and Complex System Designs
- Expert troubleshooting and break/fix experience with SIEM environments required
- 3+ years' hands-on experience with database engineering and support
- Excellent written and verbal communication skills
- Proficient with Software Development Life Cycles (e.g. ITSA)
- Active professional security certifications (e.g. CISSP), open source project, security research or design/framework contributions, or other current initiatives around information management, data and content modeling and large-scale data analytics.
- Expertise in FLEXConnector framework development and strong Regex skills required
- Good command of Python, Perl, SQL, Regex and Shell Scripting is preferred
- Experience installing and maintaining open source log capture technologies such as Syslog-NG, Snare, LogStash, MSCOM, etc. is preferred
- 3-5 years' experience working in Incident Response handling or inside a Security Operations Center.
- Ability to rapidly understand clients' business strategies and apply creative problem-solving skills to deliver high-impact solutions that meet their business needs.
Environmental Job Requirements and Working Conditions
- Job requires travel approximately 40-50% of the time
- All candidates must be clearable, existing clearance preferred
- Must successfully pass a criminal background check and drug screening
- We offer flexible working arrangements and a telecommuting program when not client facing
- Base + Bonus dependent upon experience and skillsets
- Medical, Dental and Vision Insurance
- 401k Plan
- 15 Days PTO
If interested in this position at ThetaPoint, please submit your resume and a cover letter to email@example.com.
About ThetaPoint, Inc.
ThetaPoint is a leading provider of strategic consulting and managed security services. We help clients plan, build and run successful SIEM and Log Management platforms and work with the leading technology providers to properly align capabilities to clients' needs. Recognized for our unique technical experience and our ability to rapidly solve complex customer challenges, ThetaPoint partners with some of the largest and most demanding clients in the commercial and public sectors. For more information, visit www.theta-point.com or follow us on Twitter or LinkedIn.