Information Security Engineer – SIEM

Gurgaon, India

Milliman

Discover your path at Milliman. Learn about our uniquely independent company culture and find opportunities in the actuarial profession, risk management, software development, marketing, and more.


Job Summary:

We are hiring an Information Security Engineer for our Security Operations team at Milliman. If you are passionate about cybersecurity operations and have a strong knowledge of SIEM technologies, come join us and help us protect our clients and their data from emerging threats while advancing your career in the field of Information Security.

You will be part of the Global Corporate Services (GCS) Information Security team, and you will mainly support the security of Milliman’s IT infrastructure and web-based applications. You will need to have extensive experience in managing and optimizing the Microsoft Sentinel SIEM system, and other related Cybersecurity architecture in a global information security environment.

You will also help to secure and safeguard enterprise networks and systems by supporting security requirements, implementing and testing security systems, preparing security standards, policies, and procedures, and mentoring team members. You will also help computer users with installing or using new security products and procedures.

You will report to the Information Security Manager in India and work together with other geographical teams.

Job Requirements

  • Manage and Monitor SIEM Systems
    • Collaborate with cross-functional teams to manage the SIEM solution, ensuring it aligns with security policies and business needs.
    • Configure and manage SIEM connectors to collect security data from various sources, such as devices, users, applications, and infrastructure, both on-premises and in multiple clouds.
    • Play a critical role in incident response activities, leveraging the SIEM to investigate, analyze, and mitigate security incidents and breaches.
    • Integrate MS Sentinel with other Microsoft security solutions, such as Microsoft 365 Defender, and third-party threat intelligence platforms.
  • Implement/Maintain Protections
    • Support security solutions through utilization of tools to monitor and maintain wide area networks (WANs), local area networks (LANs), Secure Web Gateway (SWG), virtual private networks (VPNs), routers, firewalls, and related security and network devices.
    • Support secure email protocols, routing, and configuration (e.g., DMARC, DKIM, SPF, DLP, SPAM filtering)
    • Upgrades security systems by monitoring vendor alerts and other security resources; identifies security gaps; evaluates and implements enhancements as part of change management.
  • Security Monitoring & Reporting
    • Monitors Milliman’s networks and systems for security breaches and/or intrusions.
    • Installs, monitors, and maintains solutions that help to notify of intrusion events and other irregular system behavior.
    • Prepares system security metrics reports by collecting, analyzing, and summarizing data and trends. Proficiency in PowerBI/MS Excel and data analysis.
    • Track and understand emerging security trends, practices, threats, and standards by reading professional publications and participating in professional organizations and educational opportunities.
  • Additional work and duties as assigned.

Qualifications

The jobholder is expected to demonstrate the following primary knowledge, skills, or attributes:

Education and Technical Expertise

  • Bachelor of Science degree in relevant field, technical degree or equivalent experience required.
  • 5+ years’ experience with increasing responsibility in the Information Security discipline.
  • Strong knowledge of Microsoft Sentinel or other SIEM platforms. Experience migrating from AT&T AlienVault USM to Microsoft Sentinel is a plus.
  • Preferred candidates shall have experience with managing and maintaining one or more key information security systems used by Milliman, including: Microsoft Defender EDR; Checkpoint firewalls and intrusion detection/prevention; Zscaler secure web gateway; Proofpoint email security and data loss protection; Zero Networks unified Zero Trust platform; in addition to other key security technologies.
  • Proficient in Kusto Query Language (KQL) and PowerShell.
  • Demonstrated understanding of key security concepts and standards such as HITRUST, NIST & ISO 27001.
  • Candidates with relevant certifications preferred (e.g., CCSA/CCSE, CISSP, CIS, SC-200: Microsoft Security Operations Analyst, CompTIA Network+/Security+).

Influencing Capabilities – Communicate clearly both orally and in writing; Provide end-user support; Establish and maintain continuous, positive, cooperative communication with other security professionals, including SOC analysts, threat hunters, and IT teams, to enhance the security posture and promote interdepartmental teamwork.

Self-Management Capabilities – Maintain sensitive and confidential information and data regarding company, client, or personal information and processes; Use feedback mechanisms to identify areas for improvement; Continuously work on improving own knowledge, and skills; Support the mission and values of the organization; Display a positive, optimistic attitude towards challenges and problems.

Problem Solving Expertise – Clearly and proactively isolate and define problems and take steps to resolve them before they become larger and more critical; Make quick, realistic, practical decisions in urgent situations; Make decisions that support the needs of all affected stakeholders; Maintain a proper sense of balance of the perspectives and agendas of others.

 
