Our client’s Security team is seeking a passionate senior security engineer who will be in charge of security monitoring and incident response playbook automation, focusing on SIEM technology, SOAR, and operations. You will join a cybersecurity-focused team and help protect the security and privacy of millions of the Company’s readers and users. As part of your job you will be called upon to understand the monitoring and insight requirements of the security team and other company stakeholders and to recommend the appropriate solution to meet those requirements.
Your job requires:
● Developing new SIEM rules, correlation searches, and dashboards to meet in-house needs
● Developing new SOAR playbooks and actions
● Developing new custom SOAR integrations and automations
● Understand team members’ and stakeholders’ requirements and recommend best practices for the SIEM and SOAR funnel
● Offer consultative advice on security principles and best practices related to SIEM operations.
● Lead investigations and uncover issues by analyzing security events and coordinating responses.
● Coordinate incident response activities, including written and verbal communication with stakeholders.
● Design and document capabilities.
● Ability to work with a team or independently with minimal supervision.
● An understanding of past, current, and emerging security exploit types.
● Ability to explain complex security problems clearly
● B.S. or M.S. Computer Science or related field, or equivalent experience
● Technical experience across various product security areas including web applications, mobile, infrastructure, cryptography, etc.
● 4 (or more) years of demonstrated experience in SIEM environments
● Experience with Splunk ES – creating rules, data models, reports, and dashboards
● Scripting experience with Python and Bash
● Experience with REST APIs, SQL, NoSQL, and regular expressions.
● Excellent communication skills; leads by influence
● Experience and proficiency in Mac and UNIX/Linux environments
● Strong familiarity with cyber-security technologies, risks, and solutions
● SIEM vendor administrator certification
● Experience with Splunk Enterprise cluster implementation, components, and infrastructure
● In-depth understanding of the Splunk Common Information Model (CIM) and tstats
● In-depth understanding of Splunk SPL
● In-depth understanding of Demisto XSOAR
● Experience working at a high-scale SaaS provider