The SIEM Engineer is a client-facing role, responsible for administration, management, configuration, testing and integration of SIEM solutions to improve the security value, service management, and scalability for our clients. A working knowledge of SIEM, threat trends and vectors, and IT/IS architectural design are paramount. This individual will work under the supervision of a SIEM Architect and Practice Manager while partnering with the client to deliver robust SIEM solutions.
This function will work closely with the client to understand the current and target state of the SIEM and ensure that effective and efficient incident identification, resolution and root-cause analysis are delivered through productive implementation of the platform.
The most successful candidate will be a strong technologist with a practical mind and creativity. This candidate must be able to effectively collaborate with the client’s Information Security and IT/IS teams and ThetaPoint Architects to deliver optimal results for the client. In addition, the SIEM Engineer must be able to clearly and successfully communicate with a demonstrated understanding of business and technical requirements of the client.
- Align with client needs, threat trends, and operational performance to identify opportunities for improvement and enhancement of their security operations center and infrastructure.
- Partner with the client to evaluate existing log and data domains, SIEM processes and tools, and effectiveness measures to identify critical elements, weaknesses and opportunities for improvement.
- Work independently and in concert with others to optimize SIEM solutions that have a measurable impact on security value, service management and client satisfaction.
- Provide technical input to Management for new security solutions/approaches to meet the client’s needs.
- Collaborate with the client to ensure that log/event sources are properly parsed and correctly correlated within the SIEM.
- Provide remote consulting services via interactive client sessions to assist with implementation, support, and usage of multiple product vendors and technologies.
- Perform other duties as assigned.
- Role reports to SIEM Architect
- Client-facing role; will require client travel
- Work closely with Client IT Security and IT/IS Functions in addition to ThetaPoint internal team
- This role does not have any direct reports
- 3+ years of security logging and monitoring engineering experience required
- 3+ years of hands-on experience engineering and supporting large-scale Splunk, Hadoop, ArcSight or similar event logging and correlation solutions for large corporations is required
- 3+ years of hands-on experience creating rules, alerts, content and reports within a complex SIEM environment
- Familiarity with Cyber Kill Chain methodologies
- Excellent Unix / Linux skills required
- Familiarity with Windows WEF Framework
- Understanding of Network Firewalls, Load Balancers and Complex System Designs
- Basic troubleshooting and break/fix experience with SIEM environments required
- 2+ years of hands-on database engineering and support experience
- Expertise in FLEXConnector framework development and strong Regex skills required
- Good command of Python, Perl, SQL, regex and shell scripting is preferred
- Experience installing and maintaining open source log capture technologies such as Syslog-NG, Snare, LogStash, MSCOM, etc. is preferred
- Excellent written and verbal communication skills
- Proficient with Software Development Life Cycles (e.g. ITSA)
- Active professional security certifications (e.g. CISSP), open source project, security research or design/framework contributions, or other current initiatives around information management, data and content modeling and large-scale data analytics
- 1-2 years of experience in incident response handling or inside a Security Operations Center
Environmental Job Requirements and Working Conditions
- Job requires travel approximately 40-50% of the time
- All candidates must be clearable, existing clearance preferred
- Must successfully pass a criminal background check and drug screening
- We offer flexible working arrangements and a telecommuting program when not client facing
If you are interested in this position at ThetaPoint, please submit your resume and a cover letter to firstname.lastname@example.org.
About ThetaPoint, Inc.
ThetaPoint is a leading provider of strategic consulting and managed security services. We help clients plan, build and run successful SIEM and Log Management platforms, and we work with the leading technology providers to properly align capabilities to clients' needs. Recognized for our unique technical experience and our ability to rapidly solve complex customer challenges, ThetaPoint partners with some of the largest and most demanding clients in the commercial and public sectors. For more information, visit www.theta-point.com or follow us on Twitter or LinkedIn.