SIEM Engineer

State Street - Quincy, MA3.5

Full-timeEstimated: $99,000 - $150,000 a year
EducationSkills
Serve as a critical team member of the Corporate Information Security (CIS) Cybersecurity Operations Center (SecOps), participating in all aspects of the State Street’s Managed Security Services (MSS) Program and managing the Security Information and Event (SIEM) Platform. Develop and maintain a strong understanding of State Street business and IT processes, log sources, security events, and security controls. Must have experience with SIEM migration. Candidate will develop, tune, and maintain tools to automate analysis capabilities for network-based, host-based, and log-based security event analysis. Candidate will create signature, rule sets, and content analysis definitions form various intelligence sources for a variety of security detection capabilities. Candidate will manage project tasks, reporting, and customer meetings. Position requirements include basic knowledge of IT security and data analytics.

Primary Responsibilities:
Maintain the operational readiness of a multi-site SIEM platform at an enterprise scale
Define logging standards and maintain log data integrity to meet requirements and compliance
Onboard log sources from a diverse population of endpoints; Develop and maintain unsupported log sources
Coordinate and work with log source owners to configure the integration into the SIEM
Tuning and continuous improvement of correlation rules; Coordinate tuning meetings for false positive reduction
Execute cadence for monthly data and log integrity and system health checks
Design, configure, maintain, and troubleshoot all components of the SIEM platform
Maintain operating system updates as well as versioning for SIEM components
Roadmap and upgrade SIEM and related technologies
Coordinate with and support SecOps
Provide SIEM training
Document and maintain processes and procedures
Support audit and penetration testing operations
Support development of metrics from the SIEM platform

Required Skills:
Bachelor’s degree (B.S.) in Computer Science or a related field ideally involving information analytics or cyber security
Minimum of 7 years related work experience
Strong analytical skills required
Ability to review reports and system activity logs to identify critical events, prioritize, and escalate as appropriate
Ability to make meaningful contributions to incident response activities

Strong understanding/knowledge of:
Information Technology
Cyber security
Incident response
Threat intelligence
Log management systems
Must have excellent written and verbal communication skills and ability to present information to senior management and technical staff

Desired Skills:
Security incident response
Project management
Data Analysis
Metric reporting