SIEM Engineer
Baltimore, MD

Cyber-Security

The SRT DevOps team is seeking an engineering-minded cyber-security engineer with hands-on experience creating and maintaining analytics in a SIEM platform. This DevOps engineer will collaborate with other developers and SMEs in an agile environment to develop state-of-the-art detection and automated response capabilities to counter cybersecurity threats, including:

Support the current ArcSight solution and lead the effort to migrate detection rules to Splunk ES

Migrate all ArcSight content to Splunk knowledge objects

Work with engineering teams on field extractions and validation of logs

Onboard and normalize the log and reference data sources needed for analytics

Create analytics in Splunk and Splunk Enterprise Security

Improve and fine-tune analytics

Create data dictionaries for log sources

Provide operational support for production platforms through health monitoring and root-cause troubleshooting


Skills required

3+ years of SIEM experience

Excellent knowledge of ArcSight ESM, including creating rules, filters, and active lists

Excellent knowledge of Splunk and ES (searching, reporting, alerting, dashboards, correlation searches)

3+ years of blue-team operational security experience within a SOC or MSSP

2+ years of software development experience related to the above

Experience using SOAR platforms and Python scripts to automate incident response

Experience creating and maintaining analytics for security use cases in Splunk and Splunk ES

Experience analyzing data, developing alerts, and designing dashboards for security operations

Comfortable with Unix and Windows CLI from

Experience analyzing infrastructure and application log sources

Knowledge of CIM and experience normalizing data to the Common Information Model

Desired: experience writing automation scripts in Python

Good understanding of regular expressions

Familiarity with the SDLC and proven experience deploying software into a production environment

Experience with streaming data using rsyslog, syslog-ng, NiFi, and Kafka

Splunk Certified Consultant / Splunk Enterprise Security Certified Admin

Ability to work in a globally distributed team

Excellent written and verbal communication skills

Passionate interest in cyber security