Cyber Security (SIEM) Engineer

Newark, Delaware, United States


Ntirety

Winner of three Global InfoSec Awards, Ntirety is the leader in Data Security and Regulatory Compliance, providing compliant, pervasive data protection across your entire IT stack.


Description:

The Cyber Security (SIEM) Engineer, Managed Security Services will be responsible for creation of procedures, implementation of processes and development of staff for managing and maintaining security systems across internal and client environments. Experience and knowledge of SIEM is essential. The Security Engineer will work closely with Management, Security Analysts, Solution Architects, other Security Engineers, and clients to complete high profile, critical services to existing Managed Security Service clients.

To be eligible for the Employee Bonus Plan, all employees are required to be performing their job duties satisfactorily during the applicable bonus period. This includes consistent responsiveness during any assigned on-call periods. Employees should also review the Employee Bonus Plan eligibility requirements to determine whether they are eligible. If you have any questions about your eligibility for the Employee Bonus Plan, please contact Human Resources.

Ntirety is proud to be named a Top 20 MSSP Provider for 2022 by MSSP Alert and ChannelE2E.

https://www.msspalert.com/top250/list-2022/24/


Responsibilities:

· Secure design of the SIEM architecture and documentation of the design, configurations and associated procedures for log ingestion and platform maintenance.

· Design, building, testing and implementation of security alerts and reports using knowledge of event source logs and network packet data.

· Actively seek to improve and develop new alerting and dashboarding based upon observed security activity.

· Improve the ability to build complex security alerts by making and implementing recommendations on event source coverage, log and packet meta-tagging, and log and packet filtering.

· Design and generate data parsers as necessary to optimize ingestion of data from a wide variety of devices, including servers, firewalls, IDS/IPS and VA appliances.

· Design and build dashboards in the SIEM and tune out false positives from alerts in partnership with Threat Detection and Response.

· Assist Security Analysts in investigation and analysis as needed.

· Document and update the SIEM engineering processes and logging/ingestion procedures.

· Provide skillful knowledge within a Linux environment, editing and maintaining SIEM configuration files and applications.

· Evaluate and recommend new and emerging security products and technologies, with careful documentation of technical requirements and collection of functional requirements from Threat Detection and Response.

· Research and document security best practices to continually improve the deployment and use of the SIEM.

· Stay abreast of current technologies, security compliance requirements, standards, and industry trends to help achieve cybersecurity's goals.

· Maintain the health, performance, stability, tuning and ongoing planning of the SIEM platform.

· Support the SIEM platform and participate in on-call rotation.

· Interact with senior management, as necessary.


Desired Role Outcomes:

· We are proactive in identifying cyber security risks in our internal and customer environments alike.

· We use and maintain our security platforms & tools to their fullest extent, and continually have the skills & knowledge needed to use them.

· Our customers and internal teams alike have the support that they require when it comes to security issues.

· Our security workforce is knowledgeable about the latest trends in security and consists of proficient security professionals.

· We are leveraging automation to reduce our reliance on repeatable manual work.

Requirements

Qualifications / Required Skills:

· 3+ years professional experience supporting and maintaining SIEM systems (LogRhythm, ELK, Azure Sentinel).

· Experience with basic tuning of SIEM content.

· Experience working in a Security Operations Center, Managed Security, or client network environment.

· Knowledge of Linux and Windows Operating Systems.

· Must have technical troubleshooting and problem-solving skills.

· Ability to work under pressure in a fast-paced environment.

· Strong attention to detail with an analytical mind and outstanding problem-solving skills.

· Great awareness of cybersecurity trends and hacking techniques.

· Ability to learn and communicate technical information to non-technical people.

· Must have excellent written & oral communication skills, and strong interpersonal skills.

· Must emulate the Ntirety Values in all that they do.

Education: Bachelor's degree in computer science or a related field, or equivalent experience. Additional certifications in security-related disciplines (e.g. Security+, CEH, CISSP) and LogRhythm certifications (LRPA and LRSE) are preferred.

Tags: Automation Azure CEH CISSP Compliance Computer Science ELK Firewalls IDS IPS Linux LogRhythm SIEM SOC Threat detection Windows

Perks/benefits: Salary bonus

Region: North America
Country: United States