Siem Engineer Resume Samples
4.5
(107 votes) for
Siem Engineer Resume Samples
The Guide To Resume Tailoring
Guide the recruiter to the conclusion that you are the best candidate for the siem engineer job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.
Craft your perfect resume by picking job responsibilities written by professional recruiters
Pick from the thousands of curated job responsibilities used by the leading companies
Tailor your resume & cover letter with wording that best fits for each job you apply
Resume Builder
Create a Resume in Minutes with Professional Resume Templates
CHOOSE THE BEST TEMPLATE
- Choose from 15 Leading Templates. No need to think about design details.
USE PRE-WRITTEN BULLET POINTS
- Select from thousands of pre-written bullet points.
SAVE YOUR DOCUMENTS IN PDF FILES
- Instantly download in PDF format or share a custom link.
RR
R Russel
Ralph
Russel
70038 Rippin Gateway
Dallas
TX
+1 (555) 716 8974
70038 Rippin Gateway
Dallas
TX
Phone
p
+1 (555) 716 8974
Experience
Experience
Dallas, TX
Siem Engineer
Dallas, TX
Monahan, Smitham and Boyer
Dallas, TX
Siem Engineer
- Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using the ArcSight ESM and Splunk platforms
- Research, analyze and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies, and operating systems)
- Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms
- Support day to day event parsing and repairing of events that have missing or incorrect information, create log source extensions, and flow management
- Performs all administration, management, configuration, testing, and integration tasks related to the Splunk, BigData/Hadoop, ArcSight ESM and associated platforms to include content creation, maintenance, and administration tasks
- Creates and develops correlation and detection rules, utilizing Regex, within Splunk ES to support alerting capabilities within the Threat Management Center
- Creation of technically detailed reports on the status of the SIEM to include metrics on items such as number of logging sources; log collection rate, and server performance
New York, NY
Senior Siem Engineer
New York, NY
Kuvalis-D'Amore
New York, NY
Senior Siem Engineer
- Provide remote consulting services via interactive client sessions to assist with implementation of multiple product vendors and technologies
- Assist with client transition and onboarding serve as primary point of contact for Managed Security Service clients
- Develops internal training methods to support Managed Services and their clients
- Perform capacity planning and management tasks on a regular basis
- Perform SIEM product support and implementation
- Act as a point of escalation for other Engineers (Associate SIEM Engineer & SIEM Engineer) and provide guidance and mentoring
- Act as the point of escalation for other Engineers (Associate Engineer, Security Engineer, & Senior Engineer) and provide guidance and mentoring
present
Boston, MA
Principal Siem Engineer
Boston, MA
Lakin, Upton and Gorczany
present
Boston, MA
Principal Siem Engineer
present
- Assist with designing and documenting work processes within the SOC
- Perform technical account management duties for specific top-tier, strategic clients
- Manage SIEM user accounts (create, delete, modify, etc.)
- Create client-specific Watch Lists if necessary
- Attend vendor-specific meetings and conferences for business and professional development
- Create innovative solutions to automate and reduce timeframes for operational changes as well as initial installation of the platform
- Manage appliance or virtual appliance OS and SIEM software
Education
Education
Bachelor’s Degree in Computer Science
Bachelor’s Degree in Computer Science
University of Massachusetts Amherst
Bachelor’s Degree in Computer Science
Skills
Skills
- People skills, and the ability to communicate effectively with various clients with the ability to explain and elaborate on technical details
- Able to create high quality Security Analysis reports pertaining to event data
- Knowledge and demonstrable experience of Security Information Event Management systems (Sentinel, Intel, QRadar, RSA, Splunk)
- Knowledge of Security terminologies
- Penetration testing, Vulnerability management
- Strong IBM Qradar, Juniper STRM or HP ArcSight skills
- Good interpersonal skills
- Strong understanding of security postures/policies
- Understanding of Security principals: Confidentiality, Integrity and Availability
- Good analytical skills
15 Siem Engineer resume templates
Read our complete resume writing guides
1
Siem Engineer Resume Examples & Samples
- 2 years working experience with a major vendor SIEM product (Qradar, STRM, ArcSight, McAfee, Splunk, LogRhythm, EMC RSA) either as a SOC analyst or as a SIEM Admin
- 3 years working in IT security role of any kind
- Solid foundation in networking (TCP/IP and OSI layers, network routing & switching protocols)
- At least 3 years support experience with at least 2 of the following
- At least 2 years SIEM administration experience in an enterprise environment
- Strong IBM Qradar, Juniper STRM or HP ArcSight skills
- Knowledge and understanding of one or more of the following concepts and technologies is a plus: SIEM, Proxies, Firewall, Content Filtering, Vulnerability Scanning, Email, IAM and Web Security
- Strong understanding of security postures/policies
- Knowledge of Security terminologies
- Linux and or Unix administration skills
- Experience automating tasks using Python
- Strong IT configuration and policy management experience on any platform
- Able to create high quality Security Analysis reports pertaining to event data
- High degree of analytical ability and creativity
- Demonstrated ability to work under pressure
- English: Fluent
2
Senior Siem Engineer Resume Examples & Samples
- Provide SME level technical and strategic direction to the SIEM team
- Design, build and deliver training to the SIEM team and SOC on the SIEM product(s) which you are an SME for
- Own and complete all highly complex workloads in the team
- Design, document and implement process and procedures for SIEM team and SOC
- Perform SIEM product support and implementation
- Configure SIEM systems based on security best practices and client requirements
- Monitor and maintain overall system health of supported SIEM systems
- Liaise with technical teams to ensure the SIEM is functioning as required to IBM and customer requirements
- Assist in end to end fault determination, troubleshooting or escalation of security infrastructure, working with other security personnel as required
- Perform capacity planning and management tasks on a regular basis
- Accurately record all required data in incident / problem management systems
- Perform user administration tasks and checks in the SIEM systems
- Complete security compliance and assurance tasks against the SIEM systems
- QA SIEM requirements proposed by Project, Architects and customers and provide guidance for best practice
- Identify and design new use cases that address our customer’s needs
- Evaluate, modify and tune the SIEM rules to adjust the specifications of alerts and incidents
- Evaluate existing SIEM content and use cases and adapt them to meet our customer’s goals
- Develop and test new SIEM content
- Design, set up and produce required reporting out of the SIEM
- Assist customers to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
- Have high awareness of customer service levels when dealing with problems to ensure all SLA’s are met
- Cross train the 24 x 7 SOC on SIEM usage with objective to lead to advanced tuning, security event monitoring and detection
- Develop end to end monitoring processes
3
Siem Engineer Resume Examples & Samples
- Act as the subject matter expert for the customer’s SIEM solution
- Maintain SIEM operations and document current environment
- Work with external teams to ensure all necessary logging sources are reporting to the SIEM
- Creation of technically detailed reports on the status of the SIEM to include metrics on items such as number of logging sources; log collection rate, and server performance
- DOD 8570 Compliance, or the ability to quickly obtain the security certifications: Security+, and CEH
- Minimum of three (3) years managing/utilizing a SIEM solution
- Experience in performing infrastructure support at an enterprise level
- Ability to demonstrate strong knowledge of computer security concepts
- Experience with industry recognized SIEM solutions such as ArcSight, Splunk, LogRhythm, AlienVault, etc
- Vendor certification in a SIEM technology
4
Siem Engineer Resume Examples & Samples
- Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using the ArcSight ESM and Splunk platforms
- Integration and normalization of disparate asset information into a centralized asset model
- Overall responsibility for being the subject matter expert on ArcSight ESM and Splunk software for the customer
- Use of ArcSight ESM and Splunk in the daily operational work and workflow of the end customer
- Advising SOC Manager on best practices and use cases on how to use ArcSight and Splunk to achieve end state requirements
- Custom development of Connectors (Agents) using ArcSight FlexConnector
- Meet with business users to gather requirements and make recommendations for meeting customer requirements within the SIEM and Log Management solution
- Analyzing new technologies and making security recommendations based on business objectives
- Implementation of security controls and best practices including ISO 27001/27002, NIST CSF and SP800-53
- BSc of Computer Science, Engineering, or Mathematics preferred
- Work with systems owners to establish how best to leverage ArcSight ESM and Splunk (and associated products) to meet the strategic goals by defining Use Cases Technical administration of the ArcSight ESM, Splunk, and Connector software platform
- Ability to modify configuration files (under the covers, not exposed at Console level)
- Distributed Multi-Manager architecture and deployment
- Troubleshoot and configure networking devices, various platforms and databases
- Integration with 3rd party systems including configuration management, network management, vulnerability scanners and trouble ticketing applications
- Upgrade and patch all components of the ArcSight and Splunk platforms
- Project Management, Customer Service and Technical Writing duties
- 3+ years security engineering experience in mid-sized to large organizations, with emphasis on security operations, incident management, intrusion detection, firewall deployment and security event analysis
- 3+ years with SIEM and Log Management technologies specific to Splunk and/or ArcSight
- Experience with 3-5 of the following security technologies including
5
Siem Engineer Resume Examples & Samples
- Performs all administration, management, configuration, testing, and integration tasks related to the Splunk, BigData/Hadoop, ArcSight ESM and associated platforms to include content creation, maintenance, and administration tasks
- Research, analyze and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies, and operating systems)
- Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms
- 7+ years in security logging and monitoring engineering
- 5+ years hands on experience in engineering and supporting large scale Splunk or similar event logging solutions for large corporations is preferred
- 5+ years of multiple security platform administration or engineering within large-scale or global enterprises combined
- 3+ years of experience within an engineering role designing or implementing complex BIG Data / hadoop and large data management solutions
- 2+ year experience in Hadoop/BigData technology configuration and management is preferred
- Understanding of Network Firewalls, Load-balancers, and complex network designs
- Good understanding of Unix/Linux and Windows operating systems
- Hands on experience with database engineering and support
- Good command on Python, Perl, SQL, Regex and Shell scripting is required
- Experience installing and maintaining Syslog-NG, windows Snare and MSCOM is preferred
6
Siem Engineer Resume Examples & Samples
- Knowledge and demonstrable experience of Security Information Event Management systems (Sentinel, Intel, QRadar, RSA, Splunk)
- Experience in Linux administration and networking troubleshooting
- Experience in programming in Python, Java, bash or other languages
- Understanding of security monitoring and identification concepts
- Understanding of ITIL processes
- Understanding of Security principals: Confidentiality, Integrity and Availability
- Security monitoring solutions
- ISO 27001
- Penetration testing, Vulnerability management
- LPIC/RHCE
- CEH; Comptia Security+
- >1 years
7
Siem Engineer Resume Examples & Samples
- Support 2nd level colleagues regarding SIEM operation related tasks
- Rule tuning
- Performance monitoring
- System health monitoring
- Communication with SIEM providers
- Experience with server operations(preferably Linux)
- Experience with SIEM systems
- Strong understanding of networking
- Understanding of IT security principles
- Willingness to provide on-call service
- Good language and communication skills in English
- Experience in scripting
- Experience with firewall/proxy/IPS
- Server and/or network troubleshooting experience
8
Siem Engineer Resume Examples & Samples
- Definition, planning and implementation of SIEM architecture changes
- Development, implementation and execution of standard procedures for SIEM administration
- Custom development of Connectors (agents) using ArcSight FlexConnector
- Oversight of administrative operations performed by 3rd party provider including operating system security hardening, backup management, capacity planning, version/patch management, and lifecycle upgrade management
- Expert implementation and generation of ArcSight content (e.g. rules, trends, lists, reports and dashboards) based on defined use cases
- Maintain key relationships both internal and external stakeholders
9
Senior Siem Engineer Resume Examples & Samples
- Lead engineering team by prioritizing clients work requests, projects and service tasks
- Work closely with Management, Service Delivery and other Principal Engineers in defining processes and procedures for internal projects
- Guide the design, development and review of complex security SIEM content
- Analyzes and identifies areas of improvement with existing processes, procedures and documentation
- Develop individual team, defining strategies and responsibilities to be successful and grow
- Develops internal training methods to support Managed Services and their clients
- Act as the point of escalation for other Engineers (Associate Engineer, Security Engineer, & Senior Engineer) and provide guidance and mentoring
- Assist with client transition and onboarding serve as primary point of contact for Managed Security Service clients
- This will require documentation of Account Governance processes and responsibility for report generation and notification to senior leadership about potential client Service Level Agreement (SLA) issues
- Explain and demonstrate how to use SIEM and Enterprise Security products to both technical and relatively non-technical personnel
- Implement and configure SIEM software and appliance-based products in large enterprise and Government environments
- 2-3 years professional experience working with networks and network architecture
- 1+ year professional experience writing SIEM content
- Prior experience in a technical team leadership role
- Experience with content SIEM content creation and reporting
- MUST HAVE
- General security knowledge (GIAC, CISSP, CCSE, CISA, HBSS, NSA, CEH, Cisco Security, Security +, or other security certifications)
- An understanding of a wide array of server grade applications such as: DBMS, Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others
- Experience with various SIEM security products such as: ArcSight, QRadar, Nitro, Splunk, LogRhythm and infrastructure components such as proxies, firewalls, IDS/IPS, DLP etc
- Prior consulting experience
10
Siem Engineer Resume Examples & Samples
- Work with individuals in the client environment in many different IT areas (IDS, Firewall, Server Admin., etc.)
- Monitor, sustain and troubleshoot a variety of technologies as they relate to Enterprise Log Management; make these other systems "talk" to the SIEM tools. Essentially, this individual needs to be able to administer a logging solution
- Develop custom content (reports, querying, dashboards, light scripting, etc.)
- Performs a variety of routine project tasks applied to specialized information assurance problems
- Tasks involve integration of electronic processes or methodologies to resolve total system problems, or technology problems as they relate to IA requirements
- Creates customized dashboards using Security Information and Event Management (SIEM) tool ArcSight ESM to elevate high threat items to incident responders
- Maintains and creates customized reports in Enterprise Log Management (ELM) Solution, ArcSight Logger
11
Siem Engineer Resume Examples & Samples
- Plans, conducts and oversees highly complex projects or major phases of significant projects; Performs security network engineering efforts
- Conducts investigations and tests of complex security software systems to enhance performance or investigate and resolve matters of significance
- Reviews completion and implementation of technical products to ensure success and timeliness
- Reviews literature, and current practices relevant to the solution of more complex network security projects
- Recommends corrections in complex technical applications and analysis to enhance performance
- Acts as the initial contact with vendors on more complex projects to provide required products or services
- Provides technical consultation to other organizations; interacts with senior customer personnel and internal senior management
- Provides the customer base with first level support
- Performs comprehensive security assessment of all designs within all enterprise networks, advises senior level executives of network vulnerabilities, and develops procedures and policies to rectify
- Any other duties as requested by the Contracting Officer Representative and SOC management
- Designs and develops new systems, applications, and solutions for external customer's enterprise-wide cyber systems and networks
- Ensures system security needs established and maintained for operations development, security requirements definition, security risk assessment, systems analysis, systems design, security test and evaluation, certification and accreditation, systems hardening, vulnerability testing and scanning, incident response, disaster recovery, and business continuity planning and provides analytical support for security policy development and analysis
- Integrates new architectural features into existing infrastructures, designs cyber security architectural artifacts, provides architectural analysis of cyber security features and relates existing system to future needs and trends, embeds advanced forensic tools and techniques for attack reconstruction, provides engineering recommendations, and resolves integration and testing issues
- Bachelor's degree in Computer Science, Information systems
- Minimum ten (10) years of relevant professional experience
- Minimum eight (8) years of experience in network security
- Engineering, network security analysis or OS programming
- Experience with Enterprise Sensors (Sourcefire, SNORT, Cisco, ISS, McAfee, etc.)
- Experience with IDS/IPS custom signature creation and deployment
- Experience with full packet capture and DNS technology and concepts
- Experience with network principals, routers, switches, firewalls and VPN technologies
- Experience writing policies, procedures, and TTPs
- Experience composing presentations and briefing senior management
- CISSP, CCNA, Security+ and/or relevant Certification
- Must be a certified ArcSight Administrator
- Development experience with a programming language, especially the following: C, C++, Java, with additional familiarity in languages such as Ruby, Perl, Python, and SQL
- Experience with information security devices (e. g., firewalls, and intrusion detection/prevention systems) and applications (e.g. security information management tools like ArcSight)
- Experience with NAC and web proxy solutions (ForeScout, BlueCoat, etc.)
- Strong analytical and creative problem solving skills to resolve highly complex software design issues and create new software
- Good leadership skills to mentor, oversee, and lead team members
- Strong interpersonal skills to interact with senior customers, management and team members
- Strong communication skills to interact with team members and senior support personnel
- Experience working in a network security environment, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC) or Cyber Security Incident Response Center (CSIRC)
12
Threat Response Siem Engineer Resume Examples & Samples
- Improve and contribute to alert generation for actionable intelligence
- Administer Splunk and Splunk App for Enterprise Security (ES) log management and SIEM solutions
- Integrate Splunk with a wide variety of legacy data sources that use various protocols
- Consult with internal customers to customize and configure Splunk in order to meet requirements
- Develop reliable, efficient queries that will feed custom alerts, dashboards, reports, and data models
- Leverage the full utility of Splunk technology in order to monitor cyber security, protect IT infrastructure, and enable rapid containment and resolution to IT security incidents
- Design and generate data parsers as necessary to optimize ingestion of data from a wide variety of devices including servers, firewalls, IDS/IPS, VA appliances, etc
- Familiarity with some of the following technologies: Active Directory, Virtualization platforms, Microsoft Windows, Unix, Linux, Mac OS X, LDAP, Active Directory, TCP/IP, firewalls, routers, network protocols and architecture, databases, VPNs
- Experience architecting and deploying Splunk Enterprise implementations in medium to large sized customers
- Experience writing advanced Splunk searches to perform data correlations, identify trends, locate anomalous and suspicious activity, detect malicious behavior and find other notable events
- Experience creating reports, scheduled searches, alerts, forms and dashboards to satisfy data requests and present Splunk information to a wide range of technical audiences including general users, system administrators, Security Operations Center (SOC) technicians, and senior management
- Experience using Splunk to automate existing process and data driven tasks
- Excellent attention to detail, multi-tasking, organizational and time management skills
- B.S. Computer Science or similar combination of education and/or experience
- Technical certifications: Splunk Certified Admin, Splunk Certified Architect equivalent training
- Ability to populate Splunk from 3rd party data sources (i.e. bash/python scripts/SQL DB/APIs)
- Experience performing technical investigations to find potential indicators of compromise
- Experience managing Security tools in an enterprise environment that includes firewalls, IDS/IPS, assessment and scanning tools, endpoint solutions, and audit logs from various platforms
13
Qradar Siem Engineer Resume Examples & Samples
- Bachelor's degree in telecommunications, computer science, information technology or equivalent experience
- Security related certifications such as Security+ or CISSP are beneficial but not required
- 3+ years of direct hands on experience with IBM QRadar or similar SIEM product
- Working knowledge of network security principles and best practices
- Possess effective verbal and written communications as well as strong organizational skills
- Must be capable of working well independently as well as in a highly collaborative team environment
14
Senior Siem Engineer Resume Examples & Samples
- Act as a point of escalation for other Engineers (Associate SIEM Engineer & SIEM Engineer) and provide guidance and mentoring
- Develop and deploy SIEM content and reporting
- Perform knowledge transfers and train clients regarding security and system configuration
- The Senior SIEM Engineer has no direct reports
15
MSS SOC Siem Engineer Resume Examples & Samples
- Drive technical and architectural improvement of the SIEM Arcsight managed service and tools used to deliver service to these customers
- Accountability for technical improvement program per in scope enterprise sized clients, targeted mainly at architecture and content
- Operational Management involving Incident Management and Change Control
- Maintain documentation of the managed infrastructure per client
- Engage with other Security Operational Centres, assisting technically where appropriate
- Provide training on the managed infrastructure and technology to other MSS teams
- Act as a Technical escalation point for the delivery teams within the organisation for SIEM Arcsight specific incidents
- ArcSight Administration version 6.0+ preferred
- IT experience of customer delivery/customer services
- Excellent documentation skills within SIEM delivery
- Experience of working within a SOC, MSSP preferred
- Evidence on being able to architectural design, review and implement Arcsight and individual components
- Evidence of using other security technologies that help protect client environments
- Evidence of complex trouble-shooting skills on Arcsight and individual components
- Evidence of being able to design and implement content, both health and security
- Evidence of dealing with escalations, both service and technical for Arcsight related incidents
- Mentoring experience, needed for when training junior members of the team
- Office based role, must be able to drive and have own transport due to work patterns
- Role can accommodate a degree of home working
16
Principal Logrhythm Siem Engineer Resume Examples & Samples
- 3+ years professional experience managing and maintaining LogRhythm SIEM systems
- 1+ year professional experience writing LogRhythm SIEM content
- College degree or equivalent training with experience working in a Security Operations Center, Managed Security, or client network environment
- Experience with content LogRhythm SIEM content creation and reporting
17
Siem Engineer Resume Examples & Samples
- Creates and develops correlation and detection rules, utilizing Regex, within Splunk ES to support alerting capabilities within the Threat Management Center
- Reviews current detection rules and, if necessary, changes use case criteria based on metrics and the needs of the Threat Management Center
- Collaboration with the Threat Management Center (TMC) to provide/implement advanced functionality to current toolsets, including custom signatures, alerting mechanisms and use cases developed from intel gathered internally (from the Threat Intelligence group) and external partners
- Develops metrics resulting from detection and alerting of SIEM and data analytics technologies
- Identifies innovative capabilities, such as custom detection signatures and identification of targeted attacks, leveraging existing Verizon security resources and tools, including Verizon’s customized intelligence platform
- Supports collaboration on the development and maintenance of the TMC security stack, such as new technology solutioning and recommendations for process/procedure changes
- Interfaces with the Threat Management Center teams to identify improvements to detection and alerting capabilities within the SIEM and Data Platforms
- Consumes results of cyber-attacks, indicators, and correlations to assist in identification of attribution and potential threat and impact to Verizon resources
18
Principle Qradar Siem Engineer Resume Examples & Samples
- 1+ year professional experience writing QRadar SIEM content
- Advanced information security knowledge in one or more areas such as Enterprise end-point security products (i.e. McAfee e-Policy Orchestrator, Virus Scan, Anti-Spyware, Host Data Loss Protection, Endpoint Encryption, etc.) Security Information and Event Manager (SIEM), to include: NitroSecurity ArcSight Q1 Labs RSA Envision Network Firewall, Web Proxy, E-Mail and Web Gateway etc. to include: Palo Alto / Checkpoint / Juniper / McAfee / Cisco / Blue Coat / Imperva
- Experience with Linux OS
19
Siem Engineer Resume Examples & Samples
- Minimum of 1-2 years of SIEM Administration experience in IBM QRadar
- Unix / Linux operating systems
- Windows operating systems
- Minimum of 1-2 years working in a customer facing role
- 7 or more years of information security or networking experience
- Self-starter, self-managed, and detail oriented
- Leadership experience managing small teams and/or large security implementations
- Minimum of 1-2 years of SIEM administration experience in Splunk
20
Senior Siem Engineer Resume Examples & Samples
- Passion for information security
- Excellent analytical thinking and problem solving skills
- Highly motivated
- CISSP, CISM, or CISA certification
21
Principal Qradar Siem Engineer Resume Examples & Samples
- 3+ years professional experience managing and maintaining QRadar SIEM systems
- Understanding of network architecture and implementation is a must; ideal candidate will have worked with network security analysis
- Experience with content QRadar SIEM content creation and reporting
22
Siem Engineer Resume Examples & Samples
- Responsible for monitoring and stability of SIEM platform
- Respond to SIEM platform server issues and high priority incidents
- Remediate ongoing and new SIEM Application defects / process failures
- Facilitation of SIEM Change Requests (upgrades, break fixes etc.)
- Onboard new application and platform logs via syslog, endpoint agents, and APIs
- Build and maintain documentation to support SIEM platform
23
Principal Siem Engineer Resume Examples & Samples
- Subject matter expert for onboarding SIEM components for new MSS clients (primarily Splunk)
- Manage appliance or virtual appliance OS and SIEM software
- Create innovative solutions to automate and reduce timeframes for operational changes as well as initial installation of the platform
- Create rules for compliance and audit requirements and create and manage Watch Lists for current threats
- Configure backups, verify custom reports, manage log source groups, and validate log sources with client
- Review and apply any newly available and applicable SIEM and/or appliance/virtual appliance software or policy updates monthly
- Perform formal Health Check and administrative password change
- Perform formal Architectural Review
- Create custom rules/rule modifications and custom reports/ report modifications as needed
- Manage SIEM user accounts (create, delete, modify, etc.)
- Add /Remove log sources. Troubleshoot issues with log sources or systems with vendor, and report system defects as needed
- Manage product enhancement / feature requests with vendors as needed
- Perform software upgrades, updates and patches as needed
- Create client-specific Watch Lists if necessary
- Perform technical account management duties for specific top-tier, strategic clients
- Responsible for major SIEM client environmental changes including upgrades
- Create custom documentation for internal and external needs
- Responsible for mentoring and training of SIEM Engineer II employees
- Responsible for testing and configuring new products and technologies
- Assist with designing and documenting work processes within the SOC
- Perform other duties as assigned
- Associate’s Degree or equivalent from two-year College or technical school in Information Technology, Information Security/Assurance, Engineering or related field of study; at least 2 years of related experience and/or training; or equivalent combination of education and experience required
- Bachelor’s Degree in Information Technology, Information Security/Assurance, Engineering or related field of study; or at least four years of related experience and/or training; or equivalent combination of education and experience preferred
- Minimum 3 years Managed Security Services or Information Security experience required
- Minimum 3 years of SIEM administration experience required
- Minimum 1 year of Splunk administration, configuration and management required
- Minimum 1 years SIEM engineering experience required
- Minimum 1 year previous supervisory and/or training experience required
- Security+, CISSP, GCIH, GCIA, GPEN, CEH and or other industry certifications preferred
- Solid understanding of Information Security and Networking required
- Working knowledge of SIEM technology (e.g. LogRhythm, QRadar, enVision. Nitro) required
- Outstanding time management and organizational skills required
- Ability to operate equipment or tools, specifically: Internet, e-mail, MS Office products, advanced knowledge of Excel, sound knowledge of Power Point required
- Ability to work nights or weekends as required
- Demonstrated understanding of Information Security regulations, frameworks, requirements etc. and how to map a client’s security needs to a SIEM solution required
- Demonstrated understanding of vulnerability management systems and programs preferred
- Demonstrated understanding of PCI, SOX, HIPAA etc. preferred
- Security and/or Networking familiarity or understanding in the following preferred
24
Siem Engineer Resume Examples & Samples
- Engineer integration with Cyber Security tools
- Design flow and event intake from new sources
- Build new capabilities and installation of new applications from the app exchange to extend functionality
- Aggregate data into appropriate organization systems and datasets
- Operate and maintain availability, system upgrades, and deployment of new hardware and software components
- Support intelligence metric definition and reporting
- Support day to day event parsing and repairing of events that have missing or incorrect information, create log source extensions, and flow management
- Custom rule creation based on correlation of log source events
- Performance optimization and continuous integration of various security applications to improve SOC efficiency
- Extensive experience working with Splunk, QRadar, and ArcSight
- Regular Expressions
- Firewalls, Encryption, TCP/IP, IDS/IPS, SSL
- Communicating with multiple areas within IT and some business areas
- Conflict management, problem solving, customer service skills
- Ability to ensure activities are in alignment with the business objectives and risk management framework
- Ability to anticipate, recognize, and resolve technical (hardware, software, application or operational) problems
- Application development experience preferred with working experience of Tomcat
- Working knowledge of Linux, LDAP, TCP/IP networking stack, and regular expressions
- CISSP Certified
- Some SANS Training completed
- Fluent in Mandarin, Korean, Hindi, and Cantonese desired
- Bachelor degree in computer science or a related discipline strongly preferred, and several years of experience in all aspects of cyber security and computer operations or an equivalent combination of education and work experience
- Previous SIEM operations and engineering experience preferred
25
Siem Engineer Resume Examples & Samples
- Serve as a primary responder for Managed Security customer systems, taking ownership of client configuration issues and tracking through resolution
- Act as a point of escalation for other Engineers (Associate Engineer) and provide guidance and mentoring
- Advise best practice on SIEM and Enterprise Security products to both technical and relatively non-technical personnel
- Provide remote consulting services via interactive client sessions to assist with implementation of multiple product vendors and technologies
- Develop and maintain content and reporting
- Provide escalation support to Tier 1 and 2 for Authorized Support Customers, following processes and interacting appropriately with both customers and partners when required
- Perform knowledge transfers to clients regarding security and system configuration awareness
- 2-3 years professional experience maintaining SIEM or infrastructure systems in the Information Security field
- 2-3 years professional experience working in a technical team environment
- Excellent time management, reporting, and communication skills
- Superior IT problem-solving skills
- Experience with SIEM content and reporting
- Experience working with Internal and client Ticketing and Knowledge Base Systems for Incident and Problem tracking as well as procedures. (i.e. Jira, Confluence, etc.)
- Knowledge of Linux and Windows Operating Systems
- Training and experience in one or more non-SIEM network security products to include: Enterprise endpoint security products, Network components such as Firewalls and Proxies to include Palo Alto / Checkpoint / Juniper / McAfee / Cisco / Blue Coat / Imperva or other similar network security products
- CCNA, CCDA, CCSA, CCIE, CISSP, CEH, or MCSE
- Familiarity with DevOps
- Professional experience working with networks and network architecture