The SIEM (Security Information and Event Management) Architect will be responsible for collecting, parsing, and correlating events for a critical operational system. She/he must possess strong skills in system administration, log management, event correlation, and threat detection.
Primary Roles and Responsibilities
The SIEM Architect will support building and maintaining a system that analyzes collected data and derives facts, inferences, and projections to determine if the systems being monitored are operating normally or being attacked by an adversary. The selected individual will be responsible for overseeing best practices in configuring and architecting the systems which support analysts and end-users. The successful candidate will support the collection and extraction of data used to refine existing and new reports, analytics, and dashboards, and will be involved with the drafting and creation of reports and dashboards based on end-user requirements. She/he will also work with System Engineers and System Administrators to better define the audit data being collected to eliminate false positives and false negatives from the data.
• Favorable Polygraph
• At least 8 years of relevant Information Assurance experience.
• At least 3 years of experience with one or more of the following: StealthWatch, TripWire, Zenoss, ArcSight, Splunk.
• Experience configuring and deploying data collection for a variety of operating systems and networking platforms.
• Experience creating Dashboards and Analytics within SIEM tools.
• Experience building and maintaining systems dedicated to storing and parsing large amounts of data.
• Experience building monitoring systems supporting auditing, incident response, and system health.
• Must possess excellent troubleshooting skills.
• Network Security Operations Center (SOC) experience preferred.
• Experience and talent in data visualization.
• Experience creating workflows for Incident Response within a SIEM Tool.
• CISSP Certification.
• GIAC Certified Incident Handler Certification.
• GIAC Cyber Threat Intelligence Certification.
• Splunk Enterprise Certified Architect.
• A Bachelor’s Degree in Information Assurance or related field.