SailPoint
Hybrid

Sr. Security Information Event Management Engineer (SIEM)

Sorry, this job was removed at 2:09 a.m. (CST) on Saturday, December 11, 2021

SailPoint is seeking an experienced Senior Security Information Event Management (SIEM) Engineer with demonstrated competencies and thought leadership to contribute toward the success of our cybersecurity initiatives. This critical role will be the technical lead and subject matter expert providing full technology stack design, implementation, and tuning support for the SIEM platform, including logging and monitoring service delivery. The ideal candidate for this role will have hands-on experience with Splunk or another leading platform (Sumo Logic, Devo, InsightIDR, etc.), including engineering and migrating to a cloud-based SIEM and producing the associated requirements and design artifacts. This role is responsible for creating and providing alerts to the Threat Detection and Response team from event logs gathered across the enterprise. The success of this role will depend on the engineer's ability to work closely with the Threat Detection and Response team to carefully tune the platform to meet their real-time alerting and analysis requirements. This position will handle ingestion and extraction of log data, mapping event logs to data models, writing logic to create and modify alerting, and tuning that logic to increase fidelity. A successful candidate will have experience with a wide array of security logging technologies and security use cases, an analytical and detail-oriented mind, and strong organizational practices.
Additional responsibilities include implementing organizational policies and standards for logging and monitoring, maintaining the health, performance, stability, and ongoing support of the SIEM infrastructure, and partnering with other teams in integrating security solutions with the SIEM.
Responsibilities:

  • Establish and maintain a secure SIEM solution architecture with documentation of the design, requirements, configurations and associated procedures for log ingestion and platform maintenance.
  • Design, build, test and implement security alerts and reports using knowledge of event source logs and network packet data.
  • Partner with groups within the organization to ensure successful deployments of the SIEM and interact with end users to gather requirements, perform troubleshooting, and aid with the creation of search queries and dashboards as required.
  • Present and articulate the value of the SIEM, the rationale behind the design and ensure partners and customers within the organization are supported.
  • Create and maintain logging standards for reuse across the organization and ensure appropriate governance aligned with other security policies and standards.
  • Actively seek to improve and develop new alerting and dashboards based upon observed indicators of attack and compromise.
  • Optimize security alerts by designing and implementing recommendations on event source coverage, log and packet meta-tagging, and log and packet filtering.
  • Recognize and onboard new data sources into the SIEM, analyzing the data for parsing, to fulfill stakeholder requirements.
  • Tune and optimize false positives from alerts in partnership with Threat Detection and Response.
  • Document and update the SIEM engineering processes and logging/ingestion procedures.
  • Provide skillful knowledge within a Linux environment, editing and maintaining SIEM configuration files and applications.
  • Evaluate and recommend new and emerging security products and technologies, with careful documentation of technical requirements and collection of functional requirements from Threat Detection and Response.
  • Research and document security best practices to continually improve the deployment and use of the SIEM.
  • Stay abreast of current technologies, security compliance requirements, standards, and industry trends to help achieve cybersecurity's goals.
  • Maintain the health, performance, stability, tuning and ongoing planning of the SIEM platform.


Requirements:

  • 2-4 years of direct responsibilities over an Enterprise SIEM in a corporate environment.
  • Must be a US citizen and reside in the United States (supporting FedRAMP).
  • Advanced engineering experience with industry-leading SIEM platforms (Splunk, QRadar, Sumo Logic, Devo, etc.).
  • Ability to develop advanced queries using the query languages or other scripting techniques.
  • Advanced experience with process automation and/or scripting (bash, PHP, Perl, JavaScript, etc.).
  • Experience with Cloud Service Providers (AWS, GCP, Azure).
  • Experience developing and documenting secure design, configurations, and associated procedures for log ingestion and SIEM platform maintenance.
  • Extensive experience working with Syslog and understanding patterns/architecture for log forwarding.
  • Ability to troubleshoot performance and issues as well as SIEM installation and upgrades.
  • Strong experience in analyzing, troubleshooting, and providing solutions for technical issues (problem management and issue triage).
  • Experience in building marketplace connectors for integration into a SIEM beyond Syslog.
  • Strong understanding of networking infrastructure concepts, technologies, and protocols.
  • Strong understanding of enterprise application architecture and service message logging standards.
  • Experience in ingesting logs from API driven sources.
  • Creating alerts, dashboards, and reports in Splunk, QRadar or equivalent.
  • Experience in log parsing, lookups, and calculated field extractions using regular expressions (regex).
  • Experience in developing alerts for indicators of attack and indicators of compromise to provide to the SOC.
  • Experience presenting complex topics to both business and technical partners.
  • Ability to determine methods and procedures on new assignments with minimal instruction.
  • Experience creating conceptual, logical, and physical security artifacts (process diagrams, topologies, UML, etc.).
  • Experience with technical evaluations and rationalization processes.


Preferred:

  • 5-10 years of hands-on experience maintaining, patching and administration of workstations, servers, and network devices.
  • Experience with Atlassian suite of products for defect management and ticketing.
  • Experience working with a value-added reseller (VAR) and/or direct with solution providers.
  • Experience working with VPC Flow Logging, CloudTrail and CloudWatch.
  • Experience contributing to open-source security projects.
  • Attendee and/or contributor to public security consortium (e.g. OWASP, Security Alliance).
  • ITIL and/or Six-Sigma certifications and training pertaining to efficiency in operations for cybersecurity.
  • Experience with migration from an on-premises to a cloud-based SIEM.
  • Relevant vendor certifications such as:
    • Certified Information Systems Security Professional (CISSP)
    • GIAC Certified Detection Analyst (GCDA)
    • GIAC Continuous Monitoring Certification (GMON)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Python Coder (GPYC)
    • GIAC Certified Windows Security Administrator (GCWN)
    • GIAC Defensible Security Architecture (GDSA)
    • GIAC Cloud Security Essentials (GCLD)
    • Certified DevSecOps Professional (CDP)
    • GIAC Cloud Security Automation (GCSA)


SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.


What are SailPoint Perks + Benefits

SailPoint Benefits Overview

Experience a Small-company Atmosphere with Big-company Benefits

Culture
Volunteer in local community
Partners with nonprofits
Open door policy
OKR operational model
Team based strategic planning
Open office floor plan
Employee resource groups
Employee-led culture committees
Hybrid work model
In-person revenue kickoff
President's club
Employee awards
Flexible work schedule
Remote work program
Diversity
Documented equal pay policy
Diversity manifesto
Mean gender pay gap below 10%
Diversity employee resource groups
Hiring practices that promote diversity
Diversity recruitment program
SailPoint's Sail-U program is designed for recent college grads and those with non-traditional backgrounds. It's an early-career program that helps build the next generation of identity leaders.
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability insurance
Dental insurance
Vision insurance
Health insurance
Life insurance
Pet insurance
Mental health benefits
Financial & Retirement
401(K)
401(K) matching
Employee stock purchase plan
Performance bonus
Charitable contribution matching
Child Care & Parental Leave Benefits
Generous parental leave
Family medical leave
Company sponsored family events
Vacation & Time Off Benefits
Unlimited vacation policy
Generous PTO
Paid holidays
Flexible time off
Office Perks
Company-sponsored outings
Free snacks and drinks
Some meals provided
Company-sponsored happy hours
Onsite office parking
Recreational clubs
Home-office stipend for remote employees
Meditation space
Mother's room
Onsite gym
Professional Development Benefits
Job training & conferences
Lunch and learns
Promote from within
Mentorship program
Online course subscriptions available
Personal development training
