Cyber Security Engineer III

US Retail
Full-time
On-site
Framingham, Massachusetts, United States
Description

Staples is business to business. You’re what binds us together.
Our digital solutions team is more than a traditional IT organization. We are a team of passionate, collaborative, agile, inventive, customer-centric, results-oriented problem solvers. We are intellectually curious, love advancements in technology and seek to adapt technologies to drive Staples forward. We anticipate the needs of our customers and business partners and deliver reliable, customer-centric technology services. 

What you’ll be doing:

  • Leverage SIEM and SOAR platforms to create and maintain detections to identify attacker TTPs.

  • Create and maintain customized dashboards within SIEM to support Risk-Based Alerting and the SOC's detection and investigation needs.

  • Manage Logging Infrastructure supporting both SIEM and SOAR solutions.

  • Develop and manage both existing and new custom log integrations and parsers.

  • Maintain continuous automated detection testing configurations.

  • Perform testing and tuning of SIEM detection logic to minimize false positives, false negatives, and alert duplication.

  • Consistently document detection use cases.

  • Deliver functional value resulting from research in the form of queries, signatures, rules, and contextual information.

  • Assist with advancing security standard operating procedures and incident response reporting.

  • May provide 24/7 on-call security response.

What you bring to the table:

  • Ability to implement and maintain Cloud Security Monitoring

  • Ability to write and tune Detection Use Cases and Automation Playbooks

  • Proactively monitor SIEM detections for opportunities to improve and tune

  • Proactively monitor SIEM Infrastructure for availability and efficiency improvements

  • Ability to anticipate and prevent problems and roadblocks before they occur. Ability to identify problems and significantly improve, change, or adapt existing methods and techniques drawing from personal experiences and feedback.

  • Ability to interact with internal and external peers and managers to exchange complex information related to areas of specialization.

  • Demonstrated knowledge of MITRE ATT&CK Tactics and Techniques (familiarity with the Cyber Kill Chain may be substituted; not 100% required)

  • Familiarity with Compliance & Regulatory Frameworks such as PCI, SOX, etc.

Qualifications - External

What’s needed - Basic Qualifications:

  • Bachelor’s degree in Computer Science, Computer Engineering, or a related field, or equivalent work experience.

  • 3+ years of SIEM detection content creation

  • 2+ years of LogicApps, Phantom SOAR or similar experience

  • 1+ years of Azure Sentinel or similar experience

  • 2+ years of Splunk or similar experience

  • 2+ years of writing Custom API integrations and Log Parsers

  • 2+ years of supporting logging and routing tools such as syslog-ng, rsyslog, etc.

  • 1+ years of experience with Azure Cloud Security Monitoring or similar

  • 2+ years of experience with scripting languages (Python, PowerShell, others)

What’s needed - Preferred Qualifications:

  • Strong knowledge and understanding of network protocols and devices.

  • Strong experience correlating data across very large and diverse datasets

  • Strong experience writing custom code for custom API integrations and Log Parsers

  • Strong Attitude to Learn, Develop and Share

  • Strong Team Player

  • 3+ years of experience with Azure Security Monitoring or similar experience

  • Experience analyzing common security logs (e.g. Authentication, DNS, Endpoint, Network, Proxy, etc.) to detect security incidents

We Offer:

  • Inclusive culture with associate-led Business Resource Groups

  • Flexible PTO (22 days) and Holiday Schedule (7 observed paid holidays)

  • Online and Retail Discounts, Company Match 401(k), Physical and Mental Health Wellness programs, and more!