This job is no longer active - but you can still view the details below.

Information Security Engineer

Chicago


Groupon’s Information Security team is seeking an experienced Information Security engineer with a strong background in administering Security Information and Event Management (SIEM) applications.  This position is best suited for an experienced Information Security engineer with a strong proven understanding of SIEM products and functionality.


Primary responsibilities will be enhancing visibility and creating intelligence based on Groupon’s global SIEM architecture.  This position will share responsibility for ensuring the safety of Groupon’s information systems assets and for protecting systems from unauthorized access and abuse.


This Information Security Engineering position will initially focus on the continued configuration, deployment, and management of Groupon’s SIEM solution across a global infrastructure.  This position will be tasked with implementing intelligent behavior-based monitoring rules, managing log sources & software updates, while also helping expand SIEM coverage and visibility.  Additional responsibilities include the ability to analyze and perform event correlation, create Dashboards and reporting content, troubleshoot, and remediate issues while working closely with IT and engineering teams to ensure that the SIEM is optimized for performance and logging sources are properly configured.


This role will also encompass systems and mechanisms used for host-based intrusion detection and prevention.  The candidate will have knowledge of systems such as OSSEC or similar, and will be able to design, install, configure, and integrate such systems with the SIEM infrastructure.


Though the initial project focus will be enhancement to Groupon’s SIEM infrastructure, this position will expand into other technical information security projects and team responsibilities over time.


Professional Skills & Responsibilities

Qualified candidates will have experience with one or more of the following:

  • Act as the Subject Matter Expert (SME) for Groupon’s SIEM solution

  • Maintain SIEM operations and technical documentation

  • Incorporate change management into all system changes.

  • Excellent problem solving capabilities.

  • Assist in troubleshooting and problem solving a wide variety of client issues and issues affecting the security of Groupon’s computing resources

  • Vendor certification(s) in an enterprise SIEM product is a plus

  • Experience with change control policy and procedures.

  • Excellent verbal, social, and written communication skills

  • Strong analytical, problem-solving and decision making capabilities

  • Experience with Amazon Web Services a plus

  • Experience implementing and troubleshooting endpoint security tools

  • Must possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise

  • Provide technical and operational security support to IT, Engineering, Legal, and business units

  • Maintain knowledge of the latest active security threats

  • Implement analytics-driven rules to enhance and maintain visibility for the Information Security team across endpoint & network activity and audit logs

  • Effectively work across a geographically distributed team environment

  • Perform analyses against large data sets to identify potentially malicious behavior

  • Results oriented, high energy, self-motivated

  • High degree of self-sufficiency, ownership, and pride of deliverables

  • Demonstrated integrity in a professional environment

  • Work closely with internal leadership teams in a collaborative environment to ensure that security awareness and issues are communicated effectively

  • Be an ambassador for the Information Security team and provide technical security support, knowledge, and training to other business units within Groupon

  • Perform technical security assessments against internal and external facing systems using open source and commercial tools.

  • Implement new security technologies as required to support a dynamic/challenging business environment.

  • Assist in the maintenance/development of security policies and procedures.

  • Individual must have a level understanding of business needs, Engineering/IT capabilities, and security requirements to ensure a proper balance is maintained.


Technical Requirements

  • 4+ years of experience administering SIEM technologies in global enterprise networks

  • Must possess a thorough and in-depth understanding of SIEM technologies and event collector deployments in an enterprise network

  • 4+ years administering Linux and Windows servers

  • 5+ years of Information Security experience in a highly technical, hands-on environment.

  • Must have demonstrated ability to build and implement SIEM event correlation rules, logic, and content in an enterprise environment

  • Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well established network behavior, known false positives and/or known errors

  • Must have experience creating scheduled and ad-hoc reporting with SIEM tools.

  • Strong knowledge of networking and web related protocols (e.g., TCP, UDP, IPSEC, HTTP, HTTPS, network routing protocols)

  • Experience with open-source command-line utilities and scripting languages such as Perl, Python, Bash.

  • Solid information security and threat intelligence knowledge.

  • Experience working with network security controls (Routers, Firewalls, Proxies, ACLs, Wireless networking protocols)

  • Working knowledge of PCI, SOX 404, Safe Harbor, and other regulations/standards.

  • CISSP and/or CISA Certifications preferred.

  • Bachelor’s Degree or equivalent work experience.

  • Knowledge of scripting languages such as Perl, Python, Bash.

  • Experience with computer forensics and investigations.

  • Familiar with log management and SIEM solutions (e.g. Splunk, Nitro, Syslog-ng).

  • Knowledge of PCI, SOX 404, Safe Harbor, and other regulations/standards.


Groupon’s purpose is to build strong communities through thriving small businesses. To learn more about the world’s largest local ecommerce marketplace, click here for the latest Groupon news. Plus, be sure to check out the values that shape our culture, guide our strategy and make our company a great place to work. And don’t just take our word for it. Hear from real Groupon team members and learn more about our employee resource groups. If all of this sounds like a great fit for you, then click apply and let’s see where this takes us.




Our headquarters is nestled alongside the Chicago River in the bustling River North neighborhood, close to both blue and brown line CTA trains.