Lead SIEM Engineer
Rockwell Automation
CloudFirewallsPerlPHPPythonSDLCSplunk
Job Level
Mid-LevelSenior
Tech Stack
AWSCloudFirewallsSplunk
About the role
- Secure and protect G-P infrastructure; manage and administer various security technologies, platforms, and tools
- Investigate alerts, triage, deep dive, and develop remediation plans
- Conduct investigation, containment, and other response activities with business stakeholders and groups
- Perform in-depth technical analysis (log, forensic, malware, packet) during incident response
- Compose incident analysis and findings reports for management, including gap identification and recommendations
- Recommend or develop new detection logic and tune existing sensors/security controls
- Provide oversight of security alert detection and analysis capabilities across multiple technologies
- Escalate and support potential security incidents per processes and support communications via multiple channels
- Identify and analyze new and emerging threats and provide recommendations to strengthen G-P security posture
- Assist with information security due diligence requests as needed
- Provide security recommendations to team members, management, and stakeholders for solutions and enhancements
- Operate with elevated access rights, exercise risk-based judgement, and engage cross-functional teams to ensure adherence to security processes and policies
Requirements
- Bachelor’s Degree in Information Technology, Computer Science, Business, or Engineering required, or equivalent experience
- 5+ years of information security experience, preferably in the technology industry
- Hands-on security operations experience including interdisciplinary experience with two or more of: Cyber Threat Analysis, Incident Response, Application Security, Operating Systems Security, Networking, Programming languages
- Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies and motives
- Familiarity with computer network exploitation and network attack methodologies
- Experience with cloud computing; AWS preferred
- Shift work and availability for 24 x 7 on-call support responsibilities
- Strongly prefer at least one certification: CISSP, GCIA, GCIH, CHFI, GCFA, CASP+
- Log analysis and security content development in SIEM solutions (e.g. Google SecOps/Chronicle, Splunk, IBM QRadar, LogRhythm)
- Experience with endpoint detection and response tools (e.g. CrowdStrike, SentinelOne, Microsoft Defender)
- Incident Response playbook development and managing security incident analysis and remediation
- Experience with network-based preventative and detective technologies (Secure Web Gateway, Private Access, IDS/IPS, firewalls, proxy servers; e.g. Netskope, Zscaler, Palo, Versa)
- Scripting and development to leverage APIs for integrating security monitoring and analysis tools
- Strong understanding of security in DevOps, specifically CI/CD
- Experience in SaaS, multi-tenant customer solutions
Similar jobs on JobTailor
GRC Specialist
Unit
AWSCloudKubernetes
SOC Manager
Devsinc
AWSAzureCloudCyber SecurityPythonServiceNowSplunk
Manager, Incident Response
Lumin Digital
AWSCloudCyber SecurityFirewallsKubernetesLinux
Cybersecurity Engineer – Splunk SME
Dragonfli Group
AWSAzureCloudCyber SecurityGoogle Cloud PlatformJavaScriptLinuxPythonSplunkSQLUnix