Conexess – Conexess Design Skip to main content

Career Opportunities

SIEM Engineer (Remote)

Job Title
SIEM Engineer (Remote)
Job ID
27692330
Work From Home
Yes
Location
Pittsburgh,  PA 15275
Other Location
Description
Our History:
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.

Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.

Conexess Group is aiding a large healthcare client in their search for an SIEM Engineer in a remote capacity. This is a long-term opportunity with a competitive compensation package.

******We are unable to work C2C on this role******

Responsibilities:
  • Understand data feeds of various security tools and logs that feed the SIEM & UBA technologies. Ability to identify capabilities and quality of these feeds and recommend improvements.
  • Ability to craft new content use cases based on: threat intelligence, analyst feedback, available log data, and previous incidents.
  • Create cost effective SPLUNK content using RBA framework
  • Perform day to day activities of the content life cycle, including creating new use cases, testing content; tuning, and removing content; and maintain associated documentation.
  • Work with the other security teams and product SMEs to identify gaps within the existing analytical capability.
  • Development of parsers/field extractions to facilitate reliable content development.
  • Development of custom scripts as required to augment default SIEM functionality.
  • Participate in root cause analysis on security incidents and provide recommendations for future detection.
  • Create, implement, and maintain novel analytic methods and techniques for content incident detection.
  • Ensure documentation for content is available on team confluence or other tracking mechanism- specifically including content roadmap and documentation on current content.
Qualifications:
  • 4+ years of experience supporting a Splunk platform developing new content, applications, dashboards and use cases.
  • Excellent knowledge of security methodologies, processes (i.e., Cyber Kill Chain/Diamond Models, and the MITRE ATT&CK framework).
  • Splunk Core Certified Power User.
  • Must have prior experience in Enterprise Splunk Security.
  • Must have experience building and prioritizing RBA content.
  • Understanding of various log formats and source data for SIEM Analysis.
  • Solid background with Windows and Linux platforms (security or system administration).
  • Ability to effectively communicate with anyone, from end users to senior leadership- facilitating technical and non-technical conversations.
  • Strong incident handling/incident response/security analytics skills.
  • Deep understanding of technical concepts including networking and various cyber-attacks.
  • Solid comprehension of various security controls, capabilities and use in a corporate environment.
Desired Skills & Experience:
  • 3+ years’ experience performing SOC analysis and/or incident response
  • 3-4 years parser development with regex experience
  • 3-4 years of experience as a security analyst, incident handler/responder, security engineer, or penetration tester.
  • 1-2 years mentoring or leading others
  • 1-2 years using Splunk UBA rules
  • 1-2 years automating with Python
  • 1-2 years working with a XSOAR platform
#LI-RK1
#LI-Remote
 

Option 1: Create a New Profile