- Act as the local subject matter expert and ambassador for our global SIEM solution.
- Actively engage with the SOC on potential issues and items to investigate.
- Maintain SIEM operations, documentation and knowledge of the latest active security threats.
- Assist in troubleshooting and resolving a wide variety of client issues, including issues affecting the security of our computing resources.
- Provide technical and operational security support to IT, Engineering, Legal, and business units.
- Implement analytics-based detection rules to enhance and maintain the Information Security team's visibility across endpoint activity, network activity, and audit logs.
- Perform analyses against large data sets to identify potentially malicious behavior.
- Implement and communicate best practices for SIEM and Enterprise Security products to both technical and non-technical personnel.
- Actively audit log sources to ensure that all infrastructure log data is flowing into the SIEM as expected.
- Develop and maintain SIEM content and reporting.
- Provide investigative support via SIEM to SOC and Security Analysts.
- Provide off-hours and weekend support as required for investigations and SIEM upgrades.
- 4+ years of experience administering SIEM technologies in a complex global environment.
- Experience building, implementing, and tuning SIEM event correlation rules, logic, and content in a large environment to filter out false positives and known errors.
- Experience creating scheduled and ad-hoc reporting with SIEM tools.
- Strong knowledge of networking and web-related protocols, open-source command-line utilities and scripting languages, network security controls, and log management and SIEM solutions (e.g. ArcSight, ELK, syslog-ng).
- CISSP and/or GIAC certifications preferred.
- Bachelor’s Degree or equivalent work experience.
- Experience with computer forensics and investigations.
- Experience with change management policies and procedures.
- Experience with cloud services such as Azure, SoftLayer, or AWS.
- Excellent verbal, interpersonal, and written communication skills.
- Excellent analytical, problem-solving and decision-making capabilities.
- Able to work effectively and self-sufficiently in a geographically distributed team.
- A results-oriented, high-energy individual who takes pride in their work.
- Familiarity with DevOps is a plus.
- Professional experience working with networks and network architecture is a plus.
- Vendor certification(s) in an enterprise SIEM product is a plus.