SIEM Engineer (Remote)
- Job Title
- SIEM Engineer (Remote)
- Job ID
- Work From Home
- Pittsburgh, PA 15275
- Other Location
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
Conexess Group is aiding a large healthcare client in their search for an SIEM Engineer in a remote capacity. This is a long-term opportunity with a competitive compensation package.
******We are unable to work C2C on this role******
- Understand data feeds of various security tools and logs that feed the SIEM & UBA technologies. Ability to identify capabilities and quality of these feeds and recommend improvements.
- Ability to craft new content use cases based on: threat intelligence, analyst feedback, available log data, and previous incidents.
- Create cost effective SPLUNK content using RBA framework
- Perform day to day activities of the content life cycle, including creating new use cases, testing content; tuning, and removing content; and maintain associated documentation.
- Work with the other security teams and product SMEs to identify gaps within the existing analytical capability.
- Development of parsers/field extractions to facilitate reliable content development.
- Development of custom scripts as required to augment default SIEM functionality.
- Participate in root cause analysis on security incidents and provide recommendations for future detection.
- Create, implement, and maintain novel analytic methods and techniques for content incident detection.
- Ensure documentation for content is available on team confluence or other tracking mechanism- specifically including content roadmap and documentation on current content.
- 4+ years of experience supporting a Splunk platform developing new content, applications, dashboards and use cases.
- Excellent knowledge of security methodologies, processes (i.e., Cyber Kill Chain/Diamond Models, and the MITRE ATT&CK framework).
- Splunk Core Certified Power User.
- Must have prior experience in Enterprise Splunk Security.
- Must have experience building and prioritizing RBA content.
- Understanding of various log formats and source data for SIEM Analysis.
- Solid background with Windows and Linux platforms (security or system administration).
- Ability to effectively communicate with anyone, from end users to senior leadership- facilitating technical and non-technical conversations.
- Strong incident handling/incident response/security analytics skills.
- Deep understanding of technical concepts including networking and various cyber-attacks.
- Solid comprehension of various security controls, capabilities and use in a corporate environment.
- 3+ years’ experience performing SOC analysis and/or incident response
- 3-4 years parser development with regex experience
- 3-4 years of experience as a security analyst, incident handler/responder, security engineer, or penetration tester.
- 1-2 years mentoring or leading others
- 1-2 years using Splunk UBA rules
- 1-2 years automating with Python
- 1-2 years working with a XSOAR platform