Conexess

SIEM Engineer (Remote)

Job Title
SIEM Engineer (Remote)
Job ID
27692330
Work From Home
Yes
Location
Pittsburgh,  PA 15275
Other Location
Description
Our History:
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200 individuals nationwide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to small and mid-sized companies. For the majority of the small and mid-sized companies, we are used exclusively because of our outstanding staffing track record.

Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to-hire, and direct placements. We have a wide range of recruiting capabilities, extending from help desk technicians to CIOs. We are also capable of offering project-based work.

Conexess Group is aiding a large healthcare client in their search for a SIEM Engineer in a remote capacity. This is a long-term opportunity with a competitive compensation package.

******We are unable to work C2C on this role******

Responsibilities:
  • Understand the data feeds from the various security tools and logs that feed the SIEM and UBA technologies; identify the capabilities and quality of these feeds and recommend improvements.
  • Craft new content use cases based on threat intelligence, analyst feedback, available log data, and previous incidents.
  • Create cost-effective Splunk content using the RBA (risk-based alerting) framework.
  • Perform the day-to-day activities of the content life cycle, including creating new use cases; testing, tuning, and removing content; and maintaining the associated documentation.
  • Work with the other security teams and product SMEs to identify gaps in the existing analytical capability.
  • Develop parsers and field extractions to facilitate reliable content development.
  • Develop custom scripts as required to augment default SIEM functionality.
  • Participate in root cause analysis of security incidents and provide recommendations for future detection.
  • Create, implement, and maintain novel analytic methods and techniques for incident detection.
  • Ensure that documentation for content is available in the team's Confluence space or another tracking mechanism, specifically including a content roadmap and documentation of the current content.
Qualifications:
  • 4+ years of experience supporting a Splunk platform, developing new content, applications, dashboards, and use cases.
  • Excellent knowledge of security methodologies and processes (e.g., the Cyber Kill Chain, the Diamond Model, and the MITRE ATT&CK framework).
  • Splunk Core Certified Power User.
  • Must have prior experience with Splunk Enterprise Security.
  • Must have experience building and prioritizing RBA content.
  • Understanding of various log formats and source data for SIEM analysis.
  • Solid background with Windows and Linux platforms (security or system administration).
  • Ability to communicate effectively with anyone, from end users to senior leadership, facilitating both technical and non-technical conversations.
  • Strong incident handling, incident response, and security analytics skills.
  • Deep understanding of technical concepts, including networking and various cyber-attacks.
  • Solid comprehension of various security controls, their capabilities, and their use in a corporate environment.
Desired Skills & Experience:
  • 3+ years' experience performing SOC analysis and/or incident response.
  • 3-4 years of parser development with regex experience.
  • 3-4 years of experience as a security analyst, incident handler/responder, security engineer, or penetration tester.
  • 1-2 years mentoring or leading others.
  • 1-2 years using Splunk UBA rules.
  • 1-2 years automating with Python.
  • 1-2 years working with an XSOAR platform.
#LI-RK1
#LI-Remote