Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Lead Analyst, Security Analytics
Company McKesson
Location Dallas/Fort Worth Metro, Atlanta Metro
Preferred GIAC Certifications GSEC, GCIA, GMON, GDSA, GCDA
Travel 5%
Salary Not provided
URL https://mckesson.wd3.myworkdayjobs.com/en-US/External_Careers/job/DallasFort-Worth-Metro/Lead-Information-Security-Analyst---Global-Analytics_JR0037325-1
Contact Name Brian Tate
Contact Email Brian.Tate/at/McKesson.com
Expires 2021-03-11

Job Description

It’s not just a job, it’s a purpose. We partner with biopharma companies, care providers, pharmacies, manufacturers, governments and others to deliver the right medicines, medical products and healthcare services to the patients who need them, when they need them — safely and cost-effectively. Come join our team and be part of the solution together.

McKesson’s Global Security Analytics Lead will be a key member of McKesson’s global Information Security and Risk Management (ISRM) team responsible for delivering actionable insights within security data analytics platforms . This individual will be the SME for data analytics platforms such as Splunk Cloud and will be responsible for the architecture, operation and support of data analytics and related technologies.
Responsibilities

· Architect, engineer, implement, and administer SIEM solutions in a highly available, redundant, distributed computing environment.
· Perform SIEM/Splunk component deployment, configuration and troubleshooting across a variety of platforms both on-premises and in public clouds.
· Optimize the operation and performance of Splunk Indexers, Search Heads and Forwarders and other SIEM related technologies used for Cyber Defense.
· Integrate data feeds (logs) into SIEM/Splunk from on-premises and cloud deployed devices and applications.
· Develop SIEM content and support other content developers using your expert knowledge of SPL.
· Support and enhance cutting-edge machine-learning-based security analytics Splunk applications deployed on Splunk Enterprise Security.
· Monitor Splunk internal logs to identify and resolve potential performance issues
· Automate frequently used process and work flows with scripts and programs utilizing your development skills.
· Create technical documentation including SOP's and design documents related to system configurations, processes, and procedures.

Minimum Requirements:
Requires 10+ years of professional work experience
BS/BA degree or equivalent experience.
Critical Skills
· 5+ years of IT experience in a technical position as an engineer, architect or system administrator within a large-scale mission critical enterprise environment.
· 3+ years of direct hands-on experience installing, configuring and administering SIEM tools.
· Certified Splunk Power User, Administrator, Architect or Architect II
· CISSP or GIAC certifications preferred
· Proficiency with Linux platforms, including shell scripting. Red Hat preferred. Bash preferred.
· Experience deploying, configuring and maintaining Splunk at scale.
· Experience writing complex SPL queries for dashboards, reports and apps.
· Experience developing custom Splunk apps for end users.
· Experience automating repetitive and error prone operations with scripting languages.
· Experience with additional logging/data pipeline technologies such as ELK, LogStash, Spark, Kafka, Fluentd, AWS Kinesis, etc.
· Experience deploying and developing content for Splunk Enterprise Security.
· Working knowledge of network infrastructure components (switches, routers, firewalls, proxies, load balancers, etc.)
· Team oriented with great communication and interpersonal skills.
· Ability to work on all aspects of large-scale projects including planning, prioritizing, executing, delivering, and sustaining.
· Experience working in an Agile environment using Scrum or Kanban methods.

Preferred/Desired Skills
· Professional experience developing software using C#, Java, Python or similar languages.
· Experience developing for and deploying to Public Cloud, AWS and Azure. Certification a plus.
· Experience or desire to explore cutting edge data analytics platforms, such as Azure Sentinel
· Working knowledge of machine learning concepts and experience with one or more Client platforms or toolkits.
· Team oriented with great communication and interpersonal skills.
· Ability to work on all aspects of large-scale projects including planning, prioritizing, executing, delivering, and sustaining.

Physical Requirements
General Office Demands

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to McKessonTalentAcquisition@mckesson.com

Current employees must apply through the internal career site.

Join us at McKesson!