SIEM Engineer - Splunk | Remote, USA

At Optiv, we’re on a mission to help our clients make their businesses more secure. We’re one of the fastest-growing companies in a truly essential industry. Join us.
The SIEM Engineer works as a member of the Cyber Operations Team. The primary focus for this role is to act as a Subject Matter Expert for Splunk, and will be able to configure, manage, operate and administrate the platform for managed SIEM.
The successful candidate will possess deep technical knowledge on a number of security technologies to include cloud technologies (i.e. AWS, GCP, Azure); have a solid understanding of information security and networking, and extensive experience interacting with customers and is responsible for delivery of client specific SIEM management solutions. This position also serves as an escalation point for critical and complex client issues, performs configuration and testing of products, assists with developing and documenting work processes and trains other members of the team.

How You'll Make an Impact

• Help lead/support engineering team by prioritizing clients work requests, projects and service tasks.
• Work closely with Management, Service Delivery and other Engineers in defining processes and procedures for internal projects.
• Analyzes and identifies areas of improvement with existing processes, procedures and documentation.
• Assist with client transition and onboarding serve as point of contact for Managed Security Service clients.
• This will require documentation of Account Governance processes and responsibility for report generation and notification to senior leadership about potential client Service Level Agreement (SLA) issues.
• Explain and demonstrate how to use SIEM and Enterprise Security products to both technical and relatively non-technical personnel.
• Provide remote consulting services via interactive client sessions to assist with implementation of multiple product vendors and technologies.
• Implement and configure SIEM software and appliance-based products in large enterprise and Government environments.
• Help guide the design, development and review of complex security SIEM content.

Requirements/Qualifications

• Subject matter expert for onboarding SIEM components for existing and new clients.
• Experience in a large enterprise environment, of analyzing security event data for attack patterns, and understanding attacker tactics
• Experience in creating automated log correlations in a SIEM to identify anomalous and potentially malicious behavior
• Working experience with Threat intelligence teams to be able to interpret IOCs and use them efficiently for alerting.
• Experience using multiple online sources in order to identify new threats
• Understanding of monitoring devices such as firewalls, network, and host-based intrusion detection systems, web applications, AV, WAF, Proxy and operating system logs
• Create technical documentation around the content deployed to the SIEM
• Ability to partner with anomaly detection and incident responders to improve data quality and reduce false positives.
• Ability to recognize patterns and inconsistencies that could indicate complex cyber-attacks
• Experience in developing SIEM correlation rules to detect new threats beyond current capabilities
• Manage appliance or virtual appliance OS and SIEM software.
• Create innovative solutions to automate and reduce timeframes for operational changes as well as the initial installation of the platform.
• Create rules for compliance and audit requirements and create and manage Watch Lists for current threats.
• Configure backups, verify custom reports, manage log source groups, and validate log sources with the client.
• Review and apply any newly available and applicable SIEM and/or appliance/virtual appliance software or policy updates monthly.
• Perform formal Health Check and administrative password change.
• Perform formal Architectural Review.
• Create custom rules/rule modifications and custom reports/ report modifications as needed.
• Manage SIEM user accounts (create, delete, modify, etc.).
• Add /Remove log sources. Troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.
• Manage product enhancement/feature requests with vendors as needed.
• Perform software upgrades, updates, and patches as needed.
• Create client-specific Watch Lists if necessary.
• Perform technical account management duties for specific top-tier, strategic clients.
• Responsible for major SIEM client environmental changes including upgrades.
• Create custom documentation for internal and external needs.
• Responsible for mentoring and training of less experienced SIEM Engineers.
• Attend vendor-specific meetings and conferences for business and professional development.
• Responsible for testing and configuring new products and technologies.
• Assist with designing and documenting work processes within the SOC.
• As per client requirements for this specific posting, being a Natural Born U.S. Citizen is a requirement.
• #LI-TC1

With Optiv you can expect:
• A company committed to championing Diversity, Equality, and Inclusion through our Affinity groups including, Black Employee Network, Disabled Employee Network, Latino Employee Network, Optiv Pride (LGBTQIA+), Veterans Support Network, and Women's Network.• Work/life balance. We offer “Recharge” a flexible, time-off program that encourages eligible employees to take the time they need to recharge • Professional training resources, including tuition reimbursement• Creative problem-solving and the ability to tackle unique, complex projects• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities. • The ability and technology necessary to productively work remote/from home (where applicable)
If you are seeking a culture that supports growth, fosters success, and moves the industry forward, find your place at Optiv! As a market-leading provider of cyber security solutions, Optiv has the most comprehensive ecosystem of security products and partners to deliver unparalleled services. Our rich and successful history with our clients is based on trust, serving more than 12,000 clients of varying sizes and industries, including commercial, government, and education. We have the proven expertise to plan, build, and run successful security programs across Risk Management, Cyber Digital Transformation, Threat Management, Security Operations - Managed Services, and Identity and Data Management.
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law. By submitting your information through this page, you consent to Optiv collecting, using, and processing your personal data as part of Optiv’s selection and recruitment activities.  If you sign up to receive notifications of job postings, you may unsubscribe at any time. Optiv respects your privacy.  For additional details on how Optiv uses and protects your information, click here to view our Privacy Policy.