Work with senior SIEM Administrators to develop and deliver solutions to gain visibility of security events within our environment. Build new or develop existing event correlation, reporting and remediation capabilities based on advanced monitoring use cases, external threat intelligence, and known traffic patterns. Identify new or develop existing data integration points to build a security data warehouse for the purpose of exploratory analytics.
1. Assumes responsibility for effective administration of the SIEM environment.
a. Maintain SIEM software and hardware.
b. Patches when necessary.
d. Design and maintain SIEM workflow infrastructure.
e. Add and maintain SIEM users and permissions.
f. Assist with evaluation and pilot of new SIEM products and features.
2. Assists with maintaining effective Rule Authorization on the SIEM.
a. Identify and design use cases that address specific enterprise needs.
b. Evaluate existing SIEM standard content and use cases and adapt them to meet enterprise goals.
c. Develop and test new correlation content and use cases using SIEM filters, rules, data monitors, active lists and session lists.
3. Assists with metrics and reporting.
a. Creation of technically detailed reports showing the status of the SIEM to include:
• Number of logging sources
• Log collection rate
• Server performance
b. Creation of technically detailed reports showing the status of Incidents to include:
• Baseline reports showing incident categories
• Baseline reports showing critical alerts and average time to closure
• Baseline reports showing progression of IR program
4. Assumes responsibility for establishing and maintaining effective communication, coordination, and working relations with area staff and management.
a. Keeps management informed of significant problems and of progress attained in reaching established objectives. Provides recommendations for establishing new and more effective programs and future equipment needs. Suggests related procedural changes.
b. Assists and supports the rest of the team as needed.
c. Prepares reports of activities, records, and other required documents.
d. Attends and participates in meetings and committees as required.
e. Works with server, desktop, and laptop administrators to ensure their systems are fully patched and follow established security hardening procedures.
5. Assumes responsibility for related duties as required or assigned.
a. Stays informed of changes in computer technology.
b. Keeps work area clean, secure, and well-maintained.
c. Completes special projects as assigned.
d. Assists with security assessments of credit union systems.
e. Assists with the security assessment of various software purchases, external vendors and technology service providers.