Offensive Security Engineer
U.S. Bank
Cybersecurity Architect, SIEM Monitoring
Caesars Entertainment
full-time
Posted on:
Location: 🇺🇸 United States
Visit company websiteJob Level
SeniorLead
Tech Stack
AWSAzureCloudCyber SecurityGoogle Cloud Platform
About the role
- The SIEM Monitoring Cybersecurity Architect plays a critical role in the day-to-day implementation, maintenance, and support of cybersecurity visibility and monitoring within the enterprise. This role manages, maintains, and improves the monitoring and visibility tools and integrations to support the implementation of a zero-trust infrastructure. This position is responsible for implementing, configuring, and improving overseeing integrations and automation to support cybersecurity visibility efforts. These efforts will have a focus on reducing detection delays, reducing false positives, and improving the integration of new and existing tools to provide effective detection of activities in the Enterprise to enable comprehensive visibility while adhering to best practices and industry standards.
- This role collaborates with cross-functional teams to ensure robust security monitoring and incident response capabilities.
- Responsible for ongoing optimization of SIEM tooling, alert tuning, and data enrichment to maximize detection effectiveness.
Requirements
- Bachelor\'s degree in Computer Science, Business Management, MIS, Information Technology, or similar related cyber disciplines; or equivalent work experience
- At least a minimum of seven (7) years of related business experience
- Superior communications skills, both verbal and written
- Certified training in Security Management, Risk and Compliance Solutions and Practices. CISSP, GSEC, CRISC, or related certification(s)
- Experience with cloud-based monitoring solutions
- Programming and scripting skills for automation and customization
- Implement native integrations with cloud services (CloudTrail, Azure Monitor, GCP Audit Logs, etc.)
- Configure APIs and collectors for hybrid environments to ensure full telemetry coverage
- Integrate IAM sources such as Active Directory, LDAP, Azure AD, and SSO providers (Okta, Ping)
- Correlate authentication events for anomaly detection and behavior baselining
- Enable contextual enrichment of logs with IOCs (IPs, domains, file hashes, etc.)
- Capture telemetry and logs from custom and third-party applications
- Participate in the development of the annual strategy and capacity planning activities
- Prepare status reports and other metrics as needed
- Manage projects with IT and property teams and for projects internal to Cybersecurity
- Assist with general administrative activities in collaboration with all team members
- Collaborate with application and system owners to integrate monitoring solutions into existing and new services
- Design and implement ingestion of logs from endpoints, servers, network devices, applications, cloud platforms (AWS, Azure, GCP), and SaaS services
- Integrate detection and response solutions providing real-time visibility into user and device behavior
