Our client, a large international Information Security Consulting organization, has asked us to find a Senior-Level security expert to lead a major SIEM migration. This is a highly visible role with mission critical responsibilities because you will play an integral part in a major multi-year SOC transformation. STRONG SPLUNK UNDERSTANDING IS CRITICAL FOR THIS ROLE.
Responsibilities of the SIEM Security Engineer:
· Architect and manage SIEM technologies, specifically with ArcSight
· Lead a major SIEM migration into a Splunk environment (complete data migration).
· Develop, tune, and maintain tools to automate analysis capabilities with host and log-based security event analysis
· Optimize event ingestion, reporting and alerting
· Create signatures, rule sets, and content analysis definitions for a variety of security detection capabilities
· Manage project tasks, reporting, and customer meetings
Requirements of the SIEM Security Engineer:
· Splunk Web Framework (reports/dashboards/etc.)
· Command line and console-based troubleshooting
· Custom parser creation for events in Syslog, ODBC, and flat file formats
· Splunk App creation and scripting experience (Python)
· Relevant certifications such as CCNP, CCNA, SANS, CISSP, etc.
· Experience supporting large scale SIEM migrations and project task management
· Expert level knowledge of installing, deploying, documenting, and troubleshooting network perimeter security technologies such as firewalls, proxy servers, intrusion prevention/detection (IDS/IPS), antivirus, antimalware, anti-spam and unified threat management (UTM).
· A solid understanding of networking/distributed computing environment concepts; understands principles of routing, client/server programming, the design of consistent network-wide file system layouts.