Sr. SIEM Engineer
Start a Rewarding Career with Alliant
What will your day look like?
You will be responsible for ensuring system logs, alarms, and events are correctly identified, alerted on, analyzed, communicated, and reported. The incumbent will detect and minimize security intrusions by effectively leveraging our Security Information and Event Management (SIEM) system.
Additionally, the incumbent will aid in monitoring, threat analysis, trend analysis, troubleshooting of security device monitoring, and incident investigation using infrastructure and application logs from across the enterprise. A strong background in writing SQL queries and managing SIEM systems in a bank or credit union environment is strongly preferred. General direction is received from the Sr. Manager, Security Operations Center.
Responsibilities
Do you see yourself doing this?
- Designing, writing, and monitoring rules to safeguard Alliant's information assets and effectively identify and mitigate both internal and external threats to these goals
- Facilitating the monitoring, detection, analysis, and resolution of security incidents
- Providing infrastructure protection by continuously analyzing alerts and logging
- Developing new triggers and reporting within SIEM and log retention/management tools
- Writing rules for the Security Information and Event Management (SIEM) system
- Managing the health of the SIEM by working with our third-party vendor
- Reviewing SIEM logs and alerts to identify and report possible security events
- Designing and writing smart response rules to take automated actions against accounts and devices that have triggered alerts
- Responding to security events with 24 x 7 availability
- Working with other teams and third-party vendors to research and resolve security and related system integration issues
- Monitor and process responses for security events on a 24x7 basis
- Remain current and knowledgeable about new threats; analyze attacker tactics, techniques, and procedures (TTPs) from security events across an extensive heterogeneous network of security devices and end-user systems
- Ability to investigate security incidents
- Leverage automation and orchestration solutions to automate repetitive tasks
- Assist with an incident response as events are escalated, including triage, remediation, and documentation
- Work alongside other security team members to hunt for and identify security issues generated from the network, including third-party relationships
- Share information as directed with other team members and ISACs
- Manage security event investigations, partnering with other departments (e.g., IT), as needed
- Evaluate SOC policies and procedures, and recommend updates to management as appropriate
- Adhere to service level agreements (SLAs), metrics, and business scorecard obligations for ticket handling of security incidents and events
- Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security, and data networking, to offer global solutions for a complex heterogeneous environment
- Maintain working knowledge of advanced threat detection as the industry evolves
Qualifications
What makes you a great fit?
You'll be a great fit if, in addition to a high school degree or equivalent (required; Bachelor's degree preferred), you have:
- 7+ years' hands-on Information Security detection experience, preferably within a bank or credit union, with an understanding of how banking transactions work
- 7+ years' experience managing rights on and troubleshooting operating systems (e.g., Windows, Red Hat Linux) and SIEMs
- Hands-on experience with one or more industry-leading SIEM products and related systems (e.g., Splunk, LogRhythm, QRadar, RSA Web Threat Detection), MS SQL, Cisco, Microsoft server products, Red Hat Linux, DLP products (e.g., Symantec DLP, Websense DSS), and other log management products
- Experience performing event correlations and writing regular expressions
- Experience creating custom rules in SIEM products
- A plus: experience analyzing fraud trends and proactively designing solutions to mitigate them
- Ability to create complex SQL queries, analyze results and identify trends
- Industry certifications (CISSP, CISA, SANS) or willingness to obtain
- Available to be on-call 24/7 for Incident Response
- Direct experience or familiarity with cyber-attack vectors
- Integrity and high standards of personal and professional conduct
- Strong interpersonal and written/verbal communication skills (this role involves communicating with end users within various departments such as Fraud and DBAs)
- Ability to achieve goals through influence, collaboration, and cooperation
- Proficient with Microsoft Office Suite
- Experience driving measurable improvement in monitoring and response capabilities at scale
- Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), DLP, and other network and system monitoring tools
- Knowledge of a variety of Internet protocols
- Working knowledge of and experience with network systems, security principles, applications, and risk and compliance initiatives such as the Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI) standards, the Sarbanes-Oxley Act (SOX), and the General Data Protection Regulation (GDPR)
- Demonstrate an analytical and problem-solving mindset
- Leverage strategic and tactical thinking
- Work calmly under pressure and with tight deadlines
When you're happy, we're happy!
As a thank you for joining our team, you'll benefit from:
- Competitive medical, dental, and free vision benefits
- Competitive compensation plan
- Contributions towards gym memberships
- Generous PTO and banking holidays off
Still not convinced?
For more details, you can also visit our Glassdoor and LinkedIn profiles.