Preferred GIAC Certifications: GSEC, GCDA
The Information Security Engineer is responsible for delivering world class IT services in a fast-paced, challenging global environment. The Engineer will develop and maintain IT processes and systems, with a primary focus on security information and event management (“SIEM”) and threat hunting. Information Security experience is required, but direct SIEM experience is not; relevant training will be provided.
RESPONSIBILITIES AND DUTIES:
--Implement, maintain, and troubleshoot Splunk SIEM system. Includes intake of various log sources and creation and maintenance of queries, dashboards, apps, alerts, and reports.
--Maintain awareness of and help to implement IT and IT information security best practices, particularly as they relate to SIEM, log analysis, and threat hunting.
--Maintain operational knowledge of cyber risk and its potential likelihood and impact.
--Act as part of a team investigating, triaging, and responding to potential incidents, with a focus on log analysis and interpretation.
--Utilize SIEM and other systems to proactively hunt for threats.
--Evaluate the effectiveness of existing security controls and recommend relevant enhancements.
--Participate in security audits and red/blue/purple team exercises.
--Collaborate on cross-functional projects to ensure risk is managed throughout project lifecycles.
--Work assigned support tickets.
--Occasional off-hour availability for responding to unanticipated events.
--Extensive experience with Microsoft operating systems.
--Experience with typical information security tools and processes.
--Experience with programming or scripting languages, such as PowerShell, Python, Bash, SQL, and/or regular expressions.
--Experience researching and crafting innovative solutions to challenging technical problems.
--Experience evaluating and implementing new technology.
--Familiarity with reading and understanding application and operating system logs.
--Familiarity with network technology, Active Directory, macOS, Linux.
--Familiarity interpreting and acting on alerts from disparate IT systems as part of an IT incident management team.
--Basic knowledge of SIEM systems and purposes.
--Splunk-related certifications are preferred although not required, as are IT information security-related certifications such as those from GIAC/SANS, CompTIA, or (ISC)².
--Strong verbal and written communication skills.
--Ability to diagnose issues quickly in a diverse, fast-paced environment.
--Ability to effectively manage and complete multiple projects and tasks.