SIEM Engineer at Fivesky
Fivesky is looking for a highly motivated and talented SIEM Engineer to join a team that supports a global player’s Cybersecurity response team. Ideally you have Splunk skills, experience creating and maintaining analytics, knowledge of or interest in Cybersecurity (blue team and Security Operations Center (SOC) / Managed Security Service Provider (MSSP)), and some Python scripting skills.
What you’ve done:
- 3+ years of hands-on SIEM experience (Preferably Splunk).
- Worked with ArcSight ESM, creating rules, filters, and active lists
- Used Splunk ES and the following features (Searching, Reporting, Alerting, Dashboards, and Correlation searches)
- 3+ years of operational security experience (SOC or MSSP)
- 2+ years of software development experience within a SIEM environment
- Analyzed data, developed alerts, and designed dashboards
- Comfortable with Unix and Windows commands
- Worked in a fast-paced multifaceted DevOps environment
What you will do:
- Lead the effort to migrate detection rules to Splunk ES and maintain the existing ArcSight platform
- Migrate the contents of ArcSight to Splunk knowledge objects.
- Work closely with engineering on field extractions and log validation
- Use Python within a SOAR (Security Orchestration, Automation, and Response) environment to automate incident response
- Utilize reference data and normalize log data for analytics
- Create analytics in Splunk and Splunk ES
- Make changes where needed to improve analytics
- Create data dictionaries for log sources
- Check the health and monitor root-causes to support production platforms
Would be awesome if you:
- Utilize Python for automation
- Have Regex experience
- Have certifications like Splunk Certified Consultant / Splunk Certified Enterprise Security Certified Admin
- Knowledge of ETL processes and SIEM technologies, like ArcSight, QRadar, Splunk.
- Worked throughout the SDLC and have experience deploying software into production
- Experience using Rsyslog, Syslog-NG, NiFi and Kafka to stream data
- Passion for Cybersecurity
At Fivesky, our employees are our greatest asset and the focal point around which we operate; therefore, we always want the best for our employees. In addition to offering competitive compensation plans and long-term career opportunities, we offer an attractive mix of benefit plans to our employees that include provisions for vacation, holiday pay, and sick days.
Fivesky is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, genetic information, or any other characteristic protected by law.
This is a full-time opportunity in Baltimore, MD. Salary is open based on experience and qualifications.