Description
The Role:
The SIEM-focused Security Engineer is responsible for the engineering and implementation of the infrastructure supporting our client's SIEM environment across cloud and in-house data centers including but not limited to:
- Ingestion of event data from AWS, Azure, O365 and GCP cloud environments
- Ingestion of event data from in-house data centers
- Engineering of the feeds, collectors, forwarders, correlation, deduplication, storage, and presentation layers of a SIEM solution
- Design and implementation of a producer/consumer data model for event and log processing
- Engineering support to the Security Operations and Investigation staff
Experience:
- 3+years of experience working with a CSP IaaS and PaaS offering
- 2 years+ experience working with Splunk; 4 years+ for a senior position, with experience in deploying Splunk in a complex globally distributed large scale deployment modes
- Demonstrated ability architecting and/or implementing Splunk Enterprise
- Strong experience with SIEM API integration, including proficiency in making in API calls and data manipulation using python
- Technical knowledge of cloud orchestration/deployment solutions: terraform, CFTs, jenkins, chef, gitlab, bitbucket
- Possess deep knowledge and expertise in Amazon Web Services (AWS), Azure, and/or Google Cloud Platform service, O365, certifications a plus
- Expertise in at least one Scripting language (Python, bash, etc.) is highly desirable
- Expertise with an enterprise data streaming capability (eg, DSP, Confluent, Kinesis) including architecture, deployment, sources/sinks, functions and building pipelines