Senior Security Platform Engineer (a/k/a Cybersecurity)

Senior Security Platform Engineer (a/k/a Cybersecurity) (multiple positions) (State Street Bank and Trust Company; Boston, MA):  Will serve as a technical expert for product engineering and service support for critical enterprise security technologies of the Company’s Information Security Services. Primarily entails hands on technical product design and deployment specifically for building and managing SIEM & data platforms like Splunk Enterprise, Splunk Enterprise Security, Databricks and Cribl. You will also be a mentor to junior staff members, both on-shore and off-shore, to develop their skills in SIEM platforms. Specific duties of the position include: Engineering, implementing and administering SIEM platforms Splunk Enterprise and Splunk Enterprise Security in public  cloud and on-premise datacenters; Analyzing, designing, building and supporting Splunk Multi-Cluster Architecture; Configuring, deploying, and maintaining the Cribl LogStream platform; Incident and Problem Management, Change and Release Management, Vendor Management, Capacity Management functions for these applications; Support 24X7 monitoring and maintenance of the data platforms; Product architecture, engineering and roadmap and Infrastructure Services for platforms supported by Cyber Data & Analytics team; Assisting the content engineering team in developing security-focused content threat detection logic and operational dashboards in Splunk; Log telemetry and Data onboarding to cyber data platforms like Splunk, Databricks etc., using data routing tools like Cribl; Engineer & build large scale data platforms in public clouds (AWS, Azure) to support Cyber Threat Detection, Analytics, Observability & Cyber Research functions using DevOps tooling and CI/CD processes; Provide engineering and design support to meet growth needs while maintaining performance, stability and scalability of the platforms. Up to 5% domestic travel when required to offices in Massachusetts. Full time telecommuting permitted pursuant to Company policy.

Minimum Requirements: Master’s degree or equivalent in Computer Science, Information Technology, Cybersecurity or related field; plus 6 years of experience in Security Engineering, System Administration, Database Administration, Network Engineering, or Software Engineering with a concentration in Cybersecurity. Alternatively, will accept a Bachelor’s degree or equivalent in Computer Science, Engineering, Information Technology, Cybersecurity or related field; plus 9 years of experience in Security Engineering, System Administration, Database Administration, Network Engineering, or Software Engineering with a concentration in Cybersecurity.

Total required experience above must include the following (can be gained concurrently): 6 years of IT engineering experience in building and managing infrastructure and security platforms; 6 years of professional engineering experience with the Splunk platform. Must also have the following: Minimum 3 full lifecycle implementation experiences of Splunk Enterprise on-prem and/or public cloud (AWS, Azure); 2 of the following certifications: Splunk Certified Admin, Splunk Enterprise Security Certified Admin, Splunk IT Service Intelligence Certified Admin, or AWS Certified Solutions Architect; Experienced with Splunk’s multiple deployment options – including on-premise distributed deployments and public cloud that can leveraged for other large scale data platforms like Cribl, Databricks etc.; Expert-level experience with SIEM technologies - implementation, tuning, troubleshooting; Expertise in building, deploying, scaling, and troubleshooting the various facets of large scale Splunk clusters and supporting apps; Expertise in on-boarding of standard and custom data sources in Splunk and have a thorough knowledge of using regular expressions to create extractions; Knowledge of scripting languages such as Python, Perl, bash; Experience in implementing, architecting and administering Splunk Enterprise Security, UBA and Splunk Phantom; Experience with AWS Services and technologies like AWS Lambda, VPC, CloudTrail, CloudWatch, IAM, S3, EKS etc.; Hands on experience with integrating Kubernetes platforms like AWS EKS or OpenShift Container Platform; Solid ability to Maintain, Manage and Monitor large scale data platforms like Splunk , Cribl etc.; Demonstrated experience in clustering and load balance Environments setup; Provide production support, root cause analysis, troubleshooting, and expedient remediation of Splunk instance issues; Expertise in writing Splunk queries in Splunk Programming Language (SPL) and data ingestion, normalization; Demonstrated understanding of Splunk APIs and SDK; Demonstrated experience developing in XML, Bash, JavaScript and Python, Perl, PowerShell scripts; Experience with log management, data processing, and data analytics; Knowledge of or experience managing Security solutions like DLP, ZScaler, Palo Alto, Symantec solutions, McAfee, or Active directory; Knowledge of networking and switching protocols, and infrastructure services to troubleshoot and identify DNS,NTP, routing, switching, and firewall issues affecting connectivity of Splunk instances to users, end nodes, and heavy forwarders; Solid Documentation skills and team player who can work in a “Agile” fashion. (Unless otherwise indicated, State Street is seeking the stated ability in the skills listed above with no specific number of years or amount of experience required. All experience can be gained concurrently.)

To apply to this position, you must click the “Apply” button on this page and complete the online application.  An EOE.

#LI-DNI

Salary Range:

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.