Educates and partners with internal customer teams (for example, Compliance, Cybersecurity Risk Assessment, Infrastructure) to ensure appropriate threat monitoring by gathering information about system and software solutions in accordance with company audit trail standards.
Manages the lifecycle of security information and event management (SIEM) rules, reports, and dashboards to present actionable threats to Intrusion Analysts by refining existing rule logic; collaborating within the Security Incident Management area; creating new rules and reports; and removing outdated rules and reports.
Manages security information and event management (SIEM) infrastructure by monitoring metrics for efficiency and effectiveness; acting as an escalation point during software and hardware upgrades; managing and approving documentation related to incident and change tracking; managing and approving SIEM documentation; participating in pager rotation for on call support; opening trouble tickets with vendors; and following up to ensure resolution of open trouble tickets.
Collaborates with other security information and event management (SIEM) engineers on architecture and engineering design by contributing to strategy and design meetings; contributing to SIEM roadmap discussions; and supporting SIEM product evaluations.
Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications.Minimum Qualifications: Bachelor’s degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or related field and 3 years' experience in information technology or related field within the last 7 years' OR 5 years experience in information technology or related field within the last 7 years. 2 years' experience with a log analysis/SIEM product (for example, Splunk, ArcSight, Qradar, Nitro) OR 2 years' experience with manual security log review and analysis (for example, Windows Event Log, Linux Syslog).
Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications.Building, developing, and implementing quality programs/systems, Information Security, Information Technology, Mac and PC Production EnvironmentsCCNA - Cisco Certified Network Administrator - Certification, CISA - Certified Information Systems Auditor - Certification, CISSP - Certified Information Systems Security Professional - Certification, GCIH - GIAC Certified Incident Handler - Certification