Work with senior SIEM Administrators to develop and deliver solutions that give visibility into security events within our environment. Build new, or extend existing, event correlation, reporting and remediation capabilities based on advanced monitoring use cases, external threat intelligence, and known traffic patterns. Identify new, or extend existing, data integration points to build a security data warehouse for exploratory analytics.
1. Assumes responsibility for effective administration of the SIEM environment.
a. Maintain SIEM software and hardware.
b. Apply patches when necessary.
c. Design and maintain SIEM workflow infrastructure.
d. Add and maintain SIEM users and permissions.
e. Assist with evaluation and pilot of new SIEM products and features.
2. Assists with maintaining effective rule authoring on the SIEM.
a. Identify and design use cases that address specific enterprise needs.
b. Evaluate existing SIEM standard content and use cases and adapt them to meet enterprise goals.
c. Develop and test new correlation content and use cases using SIEM filters, rules, data monitors, active lists and session lists.
3. Assists with metrics and reporting.
a. Creation of technically detailed reports showing the status of the SIEM to include:
· Number of logging sources
· Log collection rate
· Server performance
b. Creation of technically detailed reports showing the status of Incidents to include:
· Baseline reports showing incident categories
· Baseline reports showing critical alerts and average time to closure
· Baseline reports showing progression of IR program
4. Assumes responsibility for establishing and maintaining effective communication, coordination, and working relations with area staff and management.
a. Keeps management informed of significant problems and of progress attained in reaching established objectives. Provides recommendations for establishing new and more effective programs and future equipment needs. Suggests related procedural changes.
b. Assists and supports the rest of the team as needed.
c. Prepares reports of activities, records, and other required documents.
d. Attends and participates in meetings and committees as required.
e. Works with server, desktop, and laptop administrators to ensure their systems are fully patched and follow established security hardening procedures.
5. Assumes responsibility for related duties as required or assigned.
a. Stays informed of changes in computer technology.
b. Keeps work area clean, secure, and well-maintained.
c. Completes special projects as assigned.
d. Assists with security assessments of credit union systems.
e. Assists with the security assessment of various software purchases, external vendors and technology service providers.
· College degree preferred.
· CISSP or GIAC certification preferred.
· Basic understanding of firewall and intrusion detection system administration.
· Basic understanding of TCP/IP.
· Use of advanced security assessment tools.
· Understanding of antivirus systems and how they operate.
· Advanced understanding of Linux, BSD, and Windows operating systems.
· Ability to tune and harden various operating systems.
· Bash, Perl, or other scripting experience.
· Ability to use security systems to correlate and respond to security alerts and events.
· Strong understanding of RSA SecurID, LDAP, and other authentication systems.
· One to two years' experience in a security-related information systems role.
· One to two years' hands-on experience administering an enterprise-class SIEM.
· Strong analytical and problem solving skills.
· Well organized, with good verbal and written communications skills.
· Ability to prioritize and plan projects effectively.
· Ability to assist others and share knowledge with other team members.
· Able to use PC, terminal keyboards, and various computer hardware.