SIEM Engineer - Remote
Company Overview
Motorola Solutions is there for our customers when everything is on the line. In extreme moments — when a hurricane lands or when a fire breaks out. And in everyday moments — when a package arrives just in time for the holiday or when a child doesn’t miss the school bus home.
We unify voice, data, video and analytics in one integrated ecosystem to enable individuals, businesses and communities to work together in more powerful ways. To help people make better decisions, act confidently and be their best in the moments that matter. Bring your passion, potential and talents to Motorola Solutions and connect with a career that matters.
Department Overview
The position is part of our Cloud Infrastructure Engineering (CIE) organization, which operates and manages the MSI Public Safety Application SaaS platform. You will be part of a team that is responsible for the security of these mission-critical systems, which are used every day by public safety and government agencies across multiple countries. In this role, you will also be working in a world-class team that uses state-of-the-art technologies and techniques. Your efforts will help shape engineering culture and standards across our software product organization.
Job Description
We are seeking an experienced SIEM Engineer who will be responsible for ensuring that the systems we develop and deploy are properly monitored. You will work closely with application developers, platform engineers and the MSI 24x7 SOC to ensure that the appropriate incident monitoring capability is in place. You will perform platform-level threat modeling and IOC identification, as well as the generation and tuning of SIEM detection rules. You will further support application on-boarding and incident investigations. You will also build tools or services that aid in security testing and monitoring.
This position is open to remote candidates based in the US with some preference being given to candidates who are able to commute to our offices in Chicago, Salt Lake City, Seattle, or Dallas.
Responsibilities:
Understand SaaS system components and the logs they produce.
Identify the specific log records needed to detect security events and create alerts based on those records.
Work with product/platform teams to ensure security events are properly logged and identifiable as security events.
Create security event dashboards.
Perform threat hunting using the SIEM, IDS, Azure Security Center and other tools.
Investigate indicators of compromise.
Design, hold and participate in game day exercises with simulated incidents.
Work with other members of the cybersecurity team, the cloud infrastructure engineering team and application development teams to understand the full impact of detected security events.
Support forensic analysis by providing information regarding logged network activity, access to storage accounts and other events of interest.
Qualifications:
Bachelor’s degree; Master’s degree preferred
2+ years of security monitoring, SIEM management, security engineering or DevSecOps
6+ years of experience with cyber security concepts, common attack vectors and threat hunting techniques
Experience with threat modeling, threat analysis, threat detection and protective threat monitoring
Familiarity with the security logs generated by Linux, Kubernetes, Docker, Web Application Firewalls, and IDS/IPS systems
Familiarity with using Elasticsearch/Kibana is a plus
Good interpersonal skills and ability to collaborate with a variety of work partners including developers, product management, tech support, legal, and senior management.
Strong familiarity with cloud technologies and Azure
Strong familiarity with Windows and Linux is required
Scripting experience with Shell Scripts, Powershell and Python
Familiarity with modern web-based application design and application security principles, including industry best practices and standards such as NIST, OWASP, GDPR, ISO, SOC 2, etc.
Familiarity with IP network concepts. NOC/SOC experience is a plus
The following certifications are a plus: CISSP, CCSP, GCIA, GCIH, GCFA, or GCFE
This position is subject to working in high security areas governed by the US Department of Justice's "Criminal Justice Information Services (CJIS) Security Policy" and therefore requires successfully passing a more stringent fingerprint background check administered by Motorola Solutions Inc. customers.
Basic Requirements
Bachelor’s degree; Master’s degree preferred
6+ years of experience with cyber security concepts, common attack vectors and threat hunting techniques, including 2+ years of security monitoring, SIEM management, security engineering or DevSecOps
Candidates must be U.S. citizens with the ability to obtain the security clearance required by government contracts. Some contracts may have higher-level clearance requirements. Applicants need not possess a current security clearance.
Vaccine Requirement
Motorola Solutions has implemented a voluntary COVID-19 vaccination policy. We strongly encourage all employees to be fully vaccinated. Any employee who is not vaccinated must wear a mask at all times when at a Motorola Solutions site or otherwise meeting with other Motorola Solutions employees or customers. Employees who have submitted proof of vaccination must follow site-specific or local mask requirements. Additionally, certain local governments or Motorola Solutions' customers may have vaccine requirements that apply to some of our employees.
Travel Requirements: None
Relocation Provided: None
Position Type: Experienced
Referral Payment Plan: Yes
Our U.S. Benefits include:
- Incentive Bonus Plans
- Medical, Dental, Vision benefits effective Day 1
- 401K with Company Match and Day 1 vesting
- 9 Paid Holidays
- Generous Paid Time Off Packages
- Employee Stock Purchase Plan
- Paid Parental & Family Leave
- and more!
EEO Statement
Motorola Solutions is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran's status, or, any other protected characteristic.