What You'll Do
You will be responsible for providing engineering and administration in supporting a number of security tools used by the SOC.
In this role, you will use tools include but are not limited to a SIEM, Endpoint protection solutions, Vulnerability management solution and a case management solution.
Additionally, you will recognize and onboard new data sources into Splunk, analyzing the data for anomalies and trends, and building dashboards highlighting the key trends of the data. You'll need to be proficient within a Linux environment, editing and maintaining Splunk configuration files and apps.
You will also work closely with Security analysts with whom you will be required to interact regularly to gather requirements, perform troubleshooting, finetuning and provide assistance with the tools where needed, you will also be required to interact with management regularly. In this role, you will integrate tools for information exchange where applicable, maintain security alerts; constantly fine tune, manage exceptions, and review detections to improve security detections.
You will collaborate closely with internal and external auditors to measure security compliance of security tools for protection coverage, you'll be expected to continue learning and improving your security engineering skills to match the current technical security challenges and innovations, and perform product evaluations and compare security tools against business requirements. Lastly, you'll have access to all the technical and management training courses you need to become the expert you want to be.
Who You'll Work With
You will work in our Atlanta, GA or Waltham, MA office as part of the Security Operations Center and collaborate with fellow security engineers, analysts, and other IT security specialists.
The Security Operations Center (SOC) is McKinsey and Company's internal security monitoring, detection, and response organization tasked with the detection and response to cyber threats to our firm. The SOC is a 24/7 organization with teams in different geographical zones to ensure continuous operations and coverage of security monitoring, detection, and response.
Qualifications

• Bachelor's degree
• Must be a US Citizen
• 3+ years of experience working in a Linux environment
• Hands on experience working with FedRAMP
• Experience in a Splunk engineering role supporting SOC or NOC environments
• Practical knowledge and experience with Ansible and GIT
• Experience in Container and Kubernetes workloads is a plus
• Ability and familiarity with change and configuration management in an enterprise environment
• Ability to script in one more of the following computer languages Python, Bash, or PowerShell
• Working knowledge of AWS cloud
• Strong written and verbal communication skills
• Higher Splunk certifications preferred, such as Splunk Certified Architect Certification
• AWS and AZURE cloud certifications also preferred