About the role
The SIEM Engineer is a cyber technical resource responsible for leading a team of Tier 1 and Tier 2 SOC Analysts who monitor, detect, analyze, remediate, and report on cyber events and incidents affecting the IT infrastructure. The SIEM Engineer – Tier 3 is a cybersecurity technical resource responsible for deploying and configuring the SIEM solution.
As a SIEM Engineer, you will be a LogRhythm SIEM security/deployment specialist for a very diverse client base. You will work with a team responsible for incident management, change execution, and the maintenance and support of various network security technologies in the rapidly changing security sector of an MSSP.
This role will ensure best practice implementation and operations of network security solutions, policies and emerging technology to meet and respond to the ever-present threat to our client’s data and infrastructure. You will ensure that all technologies are operationally ready and that the network security, SOC and NOC teams are enabled to execute on capabilities, as needed, to resolve operational issues or business requirements.
The ideal candidate will have an advanced technical background with significant experience in an enterprise successfully leading the SOC team or unit responsible for analysis and correlation of cybersecurity event, log, and alert data. The candidate will be skilled in understanding, recognition, and root-cause detection of cybersecurity exploits, vulnerabilities, and intrusions in host and network-based systems.
Responsibilities
- Use your advanced technical background and experience in information technology and incident response handling to scrutinize and provide corrective analysis of cybersecurity events escalated from Tier 2 analysts, distinguishing these events from benign activity and escalating confirmed incidents to the Incident Response Lead.
- Provide in-depth cybersecurity analysis, trending, and correlation of large data sets such as logs, event data, and alerts from diverse network devices and applications within the enterprise to identify and troubleshoot specific cybersecurity incidents and make sound technical recommendations that enable expeditious remediation.
- Proactively search through the logs, network devices, and system data to find and identify undetected threats.
- Conduct security tool/application tuning engagements, using the LogRhythm SIEM Platform Manager, with analysts and engineers to develop and adjust rules, analyze and develop related response procedures, and reduce false positives from alerting.
- Deploy the LogRhythm SIEM solution to customers.
- Create scripts using regular expressions and scripting languages.
- Identify and ingest indicators of compromise (IOCs), e.g., malicious IPs and URLs, into network security tools/applications.
- Quality-proof technical advisories and assessments prior to release from SOC.
- Coordinate with and provide expert technical support to enterprise-wide technicians and staff to resolve confirmed incidents.
- Report common and repeat problems, observed via trend analysis, to SOC management and propose process and technical improvements to improve the effectiveness and efficiency of alert notification and incident handling.
- Formulate technical best-practice SOPs and Runbooks for SOC Analysts.
- Respond to inbound requests via phone and other electronic means for technical assistance and resolve problems independently. Coordinate escalations with Incident Response Lead and collaborate with internal technology teams to ensure timely resolution of issues.
Requirements
- Five years of demonstrated operational experience as a cybersecurity analyst/engineer handling cybersecurity incidents and response in critical environments, and/or equivalent knowledge in areas such as technical incident handling and analysis, intrusion detection, log analysis, penetration testing, and vulnerability management.
- Must have 5+ years of hands-on experience with regex rules and scripting.
- Must have experience deploying the LogRhythm SIEM solution.
- LogRhythm Certified Professional/Deployment Engineer (SIEM) is a definite asset.
- Must have 5+ years of hands-on experience with LogRhythm SIEM.
- In-depth understanding of current cybersecurity threats, attacks and countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, ransomware, botnets, command and control (C2) activity, etc.
- In-depth hands-on experience analyzing and responding to security events and incidents with most of the following technologies and/or techniques: leading security information and event management (SIEM) technologies, intrusion detection/prevention systems (IDS/IPS), network- and host-based firewalls, network access control (NAC), data leak protection (DLP), database activity monitoring (DAM), web and email content filtering, vulnerability scanning tools, endpoint protection, secure coding, etc.
- Strong communication, interpersonal, organizational, oral, and customer service skills.
- Strong knowledge of TCP/IP protocols, services, and networking.
- Knowledge of forensic analysis techniques for common operating systems.
- Adept at proactively searching for, soliciting, and analyzing in detail threat intelligence (e.g., exploits, IOCs, hacking tools, vulnerabilities, threat actor TTPs) derived from open-source resources and external entities, in order to identify cybersecurity threats and derive countermeasures not previously ingested into network security tools/applications, and apply them to protect the Government of the District of Columbia network.
- Excellent ability to multi-task, prioritize, and manage time and tasks effectively.
- Ability to work effectively in stressful situations.
- Strong attention to detail.
- BS in Information Security, or equivalent work experience and certifications, required.
- Any of the following certifications are a plus: CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), CompTIA Security+.
- LogRhythm Certified Deployment Engineer or LogRhythm Certified Professional.
- One or more of the following certifications: CCNP, Network+, Linux+, GCIA, GCIH, ECIH, CSA+.
- In-depth knowledge of TCP/IP and routing, firewall technologies, information security principles and practices.
- Experience using application firewalls, SIEM, and IDS/IPS.
- Knowledge of common security assessment frameworks such as NIST, HITRUST, and COBIT.
What we offer
- Competitive salary depending on your experience
- Young and dynamic corporate culture
- Employee benefit package
- Company-provided cell phone and laptop
- Opportunity to advance skills through technical certifications and internal training programs
- Send your CV in English to: [email protected]