Client Services Cybersecurity Consultant

Colombia

Lean Tech

Lean Solutions Group - Top workforce optimization company. Explore our offshore & nearshore staffing solutions to transform your business operations.


Company Overview:
Lean Tech is a rapidly expanding organization situated in Medellín, Colombia. We pride ourselves on possessing one of the most influential networks within software development and IT services for the entertainment, financial, and logistics sectors. Our corporate projections offer a multitude of opportunities for professionals to elevate their careers and experience substantial growth. Joining our team means engaging with expansive engineering teams across Latin America and the United States, contributing to cutting-edge developments in multiple industries.
Position Title: Professional Services Consultant

What you will be doing:
The Professional Services Consultant is the technical lead for Professional Services engagements focused on the design, development, and implementation of Taegis solutions for customers. You will provide Customers with architecture and design plans to support the implementation and operation of the Taegis platform and potential integration with other SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) platforms. The role includes responsibility for managing customer expectations, assisting customers with onboarding data into Taegis, supporting projects for multiple customers, including multi-site/distributed installations, and assisting with the development of plans and advanced reports to meet the requirements of key stakeholders. You will also be responsible for conducting research in areas driven by customer use cases for Taegis solutions.

Role Responsibilities
  • Configure and deploy Taegis and associated integrations for client engagements.
  • Lead the technical aspects of Taegis Professional Services engagements.
  • Guide the design, development, and review of complex Taegis solutions and integrations.
  • Analyze and identify areas of improvement with existing security operations processes, procedures, and documentation.
  • Assist in the development of internal training methods to support professional services capability development.
  • Act as a Taegis subject matter expert for other team members and provide guidance and mentoring on Taegis and integration solutions.
  • Assist with client transition and onboarding and serve as a primary SME point of contact for professional services.
  • Define, explain, and demonstrate how to use Taegis and related integrations to both technical and non-technical personnel.
  • Provide remote consulting services via interactive client sessions to assist with implementation of Taegis solutions.
  • Lead the implementation of Taegis solutions and related integrations for clients in large enterprise environments
  • Recommend, test, tune and implement Taegis use cases and rules
  • Identify false positives from alerting, and define processes and procedures for performing incident response, triage, incident analysis and remediation tasks
  • Create, modify, and update threat detection and response correlation rules, reports, and dashboards
  • Interact with clients that leverage SIEM and other tools to provide guidance on threat detection & response best practices.
  • Work with our internal Managed SIEM Services teams and Client POCs (Proof of Concept) to provide triage guidance, incident analysis and remediation guidance, as necessary
Preferences
  • Hands-on experience developing advanced threat detection use cases for a SIEM platform (e.g., Splunk, ArcSight, QRadar, LogRhythm)
  • Prior consulting or customer-facing support experience highly preferred
  • Prior experience administering SIEM platforms (e.g., Splunk, ArcSight, QRadar, LogRhythm)
  • Experience using Python, APIs, or other similar scripting languages to automate tasks and manipulate data (REST, GraphQL, RegEx(JSON, CEF, LEEF, etc.))
  • Knowledge of Amazon Cloud and Web Services (AWS, Azure, etc.)
  • Knowledge of endpoint detection and response (EDR) technologies (e.g.: CrowdStrike, Carbon Black, etc.).
  • CISSP, Linux+, Security+, CEH, MCSE, CCNA, SANS GIAC series and/or other certifications that demonstrate a commitment to continuous professional development
  • Knowledge of SIEM "best practices" (e.g., Splunk, ArcSight, QRadar, LogRhythm)
  • Prior experience developing use cases with one or more of the following SIEM platforms: Splunk, QRadar, ArcSight, McAfee ESM, LogRhythm, or RSA NetWitness
  • Strong presentation and communication skills (must be able to clearly explain and articulate complex subjects in a way that can be understood by less technical or non-technical audiences, both in writing and during live presentations)
  • Experience with common security controls (e.g., Firewalls, IDS, AD, Proxies, etc.)
  • Knowledge of enterprise logging for OS, applications & various security technologies
  • Experience investigating common types of attacks and security events
  • Solid technical understanding of TCP/IP, SSL, Exploit kits, DNS, & network architecture
  • Working knowledge (user and admin level) of multiple operating systems (Windows 7/8/10/2012R2+, Linux CentOS/RHEL/Ubuntu)

Join Lean Tech and contribute to shaping the data landscape within a dynamic and growing organization. Your skills will be honed, and your contributions will play a vital role in our continued success. Lean Tech is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.


Tags: APIs ArcSight Automation AWS Azure Carbon Black CEH CISSP Cloud CrowdStrike DNS EDR Exploit Firewalls GIAC IDS Incident response JSON Linux LogRhythm POCs Python QRadar RSA SANS Scripting SIEM SOAR Splunk TCP/IP Threat detection Ubuntu Windows

Perks/benefits: Career development Team events

Region: South America
Country: Colombia
Category: Consulting Jobs
