What You'll Do
You will be responsible for providing leadership and administration in supporting a number of security tools used by the SOC.
These tools include but not limited to a SIEM, Endpoint protection solutions, Vulnerability management solution and a case management solution.
You'll recognize and onboard new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. You'll need to be proficient within a Linux environment, editing and maintaining Splunk configuration files and apps.
You will also work closely with security analysts and security engineers with whom you will be required to interact regularly to gather requirements, perform troubleshooting, finetuning and provide assistance with the tools where needed. You will also be required to interact with management regularly.
You'll integrate tools for information exchange where applicable.
You'll maintain security alerts; constantly fine tune, manage exceptions, and review detections to improve security detections.
You'll collaborate closely with internal and external auditors to measure security compliance of security tools for protection coverage.
You'll continue learning and improving your security engineering skills to match the current technical security challenges and innovations.
You'll perform product evaluations and compare security tools against business requirements.
You'll have access to all the technical and management training courses you need to become the expert you want to be.
Who You'll Work With
You will work in our Waltham, MA or Atlanta, GA office as part of the Security Operations Center and collaborate with fellow security engineers, analysts, and other IT security specialists.
The Security Operations Center (SOC) is McKinsey and Company's internal security monitoring, detection, and response organization tasked with the detection and response to cyber threats to McKinsey & Company. The SOC is a 24/7 organization with teams in different geographical zones to ensure continuous operations and coverage of security monitoring, detection, and response.
Qualifications

• A minimum of a Bachelor's degree
• Must be a US Citizen
• A working knowledge of AWS cloud and FedRAMP
• Experience in a Splunk engineering role supporting SOC or NOC environments
• At least 3 Years of experience working in a Linux environment
• Practical knowledge and experience with Ansible and GIT
• Ability and familiarity with Change & Configuration Management in an enterprise environment
• Ability to script in one more of the following computer languages Python, Bash, or Powershell
• Experience in Container & Kubernetes workloads is a plus
• Ability to create and maintain high-quality documentation (procedures, process diagrams, learning material)
• Higher Splunk certifications preferred, such as Splunk Certified Architect Certification
• AWS and AZURE cloud certifications also preferred.