SIEM Engineer

Employer Active

1 Vacancy
The job posting is outdated and position may be filled
Experience: 4-5 years

Job Location: Kansas - USA

Monthly Salary: Not Disclosed

Vacancy: 1

Job Description

This is a remote position.

Job Title: SIEM Engineer (Google Chronicle)

Location: USA 100% Remote

Type : Permanent / Full Time

Salary: Up to USD 90,000 base salary

Company Overview:

Our client is a global cybersecurity SaaS solutions provider dedicated to helping clients achieve their cybersecurity and compliance goals.

Position Summary:

We are seeking an experienced and motivated individual with excellent domain knowledge of security products to help expand the portfolio of vendor products supported on the Google Chronicle platform. Successful candidates will need several years of experience with a range of cybersecurity technologies and the ability to learn new products quickly.

This is a hands-on role: you will build out the parsers, classifications, detection rules and related content for an industry-leading security suite that our client delivers to its customers.

Responsibilities:

  • Build SIEM support and services for various security technologies and vendors.
  • Design and build parsers that transform raw unstructured or semi-structured data into structured records following predefined schemas.
  • Enhance and transform data by combining, enriching or aggregating relevant datasets.
  • Enrich log data by classifying events against an internal ontology.
  • Work collaboratively with analysts and other stakeholders to capture requirements and ensure parsed data meets their needs.
  • Contribute to the development of playbooks for our Security Operations Center (SOC), aiding in the creation of comprehensive and effective procedural documentation.
  • Design and build APIs, microservices and systems used for data ingestion.
  • Document the development process and provide clear instructions for future maintenance and updates.
  • Assist in designing, building and maintaining detection rules.
  • Assist in mapping detection rules to MITRE ATT&CK.
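The parser, ontology-classification and detection-rule responsibilities above fit together in one pipeline. The following is an added illustration written for this page, not code from the employer or from Google Chronicle: it parses CEF lines (one of the formats named in the requirements) into a fixed schema, classifies each event through a small hypothetical ontology, and runs a threshold rule over the result that is tagged with ATT&CK technique T1110 (Brute Force). The vendor, product, signature IDs, field names and sample log lines are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample input: CEF events from a hypothetical auth gateway and firewall.
# The last line contains an escaped "=" inside a value, which a naive split would mishandle.
SAMPLE_CEF = [
    "CEF:0|Acme|AuthGateway|2.1|100|User login failed|5|src=10.1.2.3 suser=alice outcome=failure msg=Bad password for alice",
    "CEF:0|Acme|AuthGateway|2.1|100|User login failed|5|src=10.1.2.3 suser=admin outcome=failure msg=Bad password for admin",
    "CEF:0|Acme|AuthGateway|2.1|100|User login failed|5|src=10.1.2.3 suser=root outcome=failure msg=Bad password for root",
    "CEF:0|Acme|AuthGateway|2.1|101|User login succeeded|3|src=10.1.2.3 suser=alice outcome=success",
    "CEF:0|Acme|EdgeFW|9.0|2001|Connection allowed|2|src=10.1.2.3 dst=203.0.113.7 dpt=443 proto=TCP",
    "CEF:0|Acme|AuthGateway|2.1|100|User login failed|5|src=10.9.9.9 suser=bob outcome=failure msg=Password contains a\\= sign",
]

# Hypothetical internal ontology: (vendor, product, signature_id) -> normalized event class.
ONTOLOGY = {
    ("Acme", "AuthGateway", "100"): "AUTH_FAILURE",
    ("Acme", "AuthGateway", "101"): "AUTH_SUCCESS",
    ("Acme", "EdgeFW", "2001"): "NETWORK_CONNECTION",
}

# Split the CEF header on "|" that is not preceded by a backslash (CEF escapes "|" in header fields).
_HEADER_SPLIT = re.compile(r"(?<!\\)\|")
# Extension key=value pairs: values may contain spaces, so a value ends just before the next " key=" or at end.
_EXT_KV = re.compile(r"([A-Za-z0-9_.]+)=((?:\\.|[^\\])*?)(?=\s+[A-Za-z0-9_.]+=|$)")


def _unescape(s: str) -> str:
    """Resolve CEF backslash escapes (\\|, \\=, \\\\, \\n, \\r)."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), s)


def parse_cef(line: str) -> dict:
    """Parse one CEF line into its seven header fields plus an extension dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    parts = _HEADER_SPLIT.split(line[4:], maxsplit=7)  # maxsplit keeps unescaped "|" in the extension intact
    if len(parts) < 7:
        raise ValueError("truncated CEF header")
    version, vendor, product, dev_version, sig_id, name, severity = (_unescape(p) for p in parts[:7])
    extension = parts[7] if len(parts) > 7 else ""
    return {
        "cef_version": version, "vendor": vendor, "product": product, "device_version": dev_version,
        "signature_id": sig_id, "name": name,
        "severity": int(severity) if severity.isdigit() else severity,
        "extension": {k: _unescape(v) for k, v in _EXT_KV.findall(extension)},
    }


def normalize(cef: dict) -> dict:
    """Map a parsed CEF record onto a fixed target schema and classify it via the ontology."""
    ext = cef["extension"]
    return {
        "event_type": ONTOLOGY.get((cef["vendor"], cef["product"], cef["signature_id"]), "GENERIC_EVENT"),
        "vendor": cef["vendor"], "product": cef["product"], "severity": cef["severity"],
        "principal_ip": ext.get("src"), "principal_user": ext.get("suser"),
        "target_ip": ext.get("dst"),
        "target_port": int(ext["dpt"]) if ext.get("dpt", "").isdigit() else None,
        "outcome": ext.get("outcome"),
        "description": ext.get("msg", cef["name"]),
    }


def detect_bruteforce(events: list, threshold: int = 3) -> list:
    """Alert when one source IP produces >= threshold AUTH_FAILURE events.
    Tagged with ATT&CK T1110 (Brute Force). The sample carries no timestamps, so this counts over the
    whole batch; a production rule would bound the count by a time window."""
    failures = Counter(e["principal_ip"] for e in events if e["event_type"] == "AUTH_FAILURE")
    return [
        {"rule": "multiple_auth_failures_same_source", "attack_technique": "T1110",
         "source_ip": ip, "failure_count": n}
        for ip, n in sorted(failures.items()) if n >= threshold
    ]


def run(lines: list) -> tuple:
    """Parse, normalize and evaluate the detection over a batch of raw CEF lines."""
    events = [normalize(parse_cef(line)) for line in lines]
    return events, detect_bruteforce(events)


if __name__ == "__main__":
    evts, alerts = run(SAMPLE_CEF)
    for e in evts:
        print(e["event_type"], e["principal_ip"], e["principal_user"], e["description"])
    print(alerts)
```

Two details matter in practice: the header is split on unescaped pipes only, with `maxsplit=7` so that a literal `|` inside an extension value (which CEF does not require escaping) does not shift fields, and extension values are unescaped after the split so that an escaped `=` cannot be mistaken for a new key. Both are the kind of edge case a parser review for a SIEM should check explicitly.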



Requirements

  • Minimum of 2 years of experience with Google Chronicle.
  • Knowledge of cloud infrastructure and the security implications of hybrid environments.
  • Minimum of 2 years of hands-on experience with multiple security products, preferably with certification in at least two of the following: AWS, Azure, GCP, Windows AD/Server, the major firewall vendors, the major NGAV vendors, the major networking vendors, Proofpoint, Zscaler.
  • Experience with GCP (preferably), AWS, Azure, Kubernetes and/or cloud-native technologies.
  • Excellent communication skills (both written and oral); able to communicate concisely and present risk to both technical and non-technical audiences.
  • Ability to work independently.
  • Ability to apply critical thinking and logic to a wide range of intellectual and practical problems.
  • Experience with Security Information and Event Management (SIEM) systems.
  • Familiarity with JSON, XML, CSV, CEF, LEEF and the Syslog RFCs.
  • Experience with at least one of the following rule specifications: Sigma, YARA, YARA-L, Drools.
  • Proficiency in at least one of the following: Go, Python, Java.
  • Experience with SOAR.
  • Experience working in or with a SOC.
  • Logstash.
  • Regular expressions.



Benefits

  • 100% remote work, with the option for hybrid arrangements when necessary.
  • Flexible and results-driven work environment.
  • Private healthcare coverage.
  • Generous vacation and paid time off.






Employment Type

Full Time
