Job Directory Optiv Inc Principal SIEM Engineer (Splunk) - Dallas, Denver, Atlanta, Kansas City, or Remote USA
Optiv Inc

Principal SIEM Engineer (Splunk) - Dallas, Denver, Atlanta, Kansas City, or Remote USA Optiv Inc
Dallas, TX

Optiv provides cyber security and information security services.

Companies like Optiv Inc
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.

About Optiv Inc

Job Description

At Optiv, we're on a mission to help our clients make their businesses more secure. We're one of the fastest growing companies in a truly essential industry.

In your role at Optiv, you'll be inspired by a team of the brightest business and technical minds in cyber security. We are passionate champions for our clients, and know from experience that the best solutions for our clients' needs come from working hard together. As part of our team, your voice matters, and you will do important work that has impact, on people, businesses and nations. Our industry and our company move fast, and you can be sure that you will always have room to learn and grow. We're proud of our team and the important work we do to build confidence for a more connected world.

Who we are looking for:

The Principal SIEM Engineer works as a member of the Cyber Operations Team. The primary focus for this role is to act as a Subject Matter Expert for Splunk and be able to configure, manage, operate and administrate the platform for managed SIEM.

The successful candidate will possess deep technical knowledge on a number of security technologies; have a solid understanding of information security and networking, and extensive experience interacting with customers and is responsible for delivery of client specific SIEM management solutions. This position also serves as an escalation point for critical and complex client issues, performs configuration and testing of products, assists with developing and documenting work processes and trains other members of the team.

How you'll make an impact:

* Subject matter expert for onboarding SIEM components for existing and new clients.
* Experience in a large enterprise environment, of analyzing security event data for attack patterns and understanding attacker tactics
* Experience in creating automated log correlations in a SIEM to identify anomalous and potentially malicious behavior
* Working experience with Threat intelligence teams to be able to interpret IOC's and use them efficiently for alerting.
* Experience using multiple online sources in order to identify new threats
* Understanding of monitoring devices such as firewalls, network and host-based intrusion detection systems, web applications, AV, WAF, Proxy and operating system logs
* Create technical documentation around the content deployed to the SIEM
* Ability to partner with anomaly detection and incident responders to improve data quality and reduce false positives.
* Ability to recognize patterns and inconsistencies that could indicate complex cyber-attacks
* Experience in developing SIEM correlation rules to detect new threats beyond current capabilities
* Manage appliance or virtual appliance OS and SIEM software.
* Create innovative solutions to automate and reduce timeframes for operational changes as well as the initial installation of the platform.
* Create rules for compliance and audit requirements and create and manage Watch Lists for current threats.
* Configure backups, verify custom reports, manage log source groups, and validate log sources with the client.
* Review and apply any newly available and applicable SIEM and/or appliance/virtual appliance software or policy updates monthly.
* Perform formal Health Check and administrative password change.
* Perform formal Architectural Review.
* Create custom rules/rule modifications and custom reports/ report modifications as needed.
* Manage SIEM user accounts (create, delete, modify, etc.).
* Add /Remove log sources. Troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.
* Manage product enhancement/feature requests with vendors as needed.
* Perform software upgrades, updates, and patches as needed.
* Create client-specific Watch Lists if necessary.
* Perform technical account management duties for specific top-tier, strategic clients.
* Responsible for major SIEM client environmental changes including upgrades.
* Create custom documentation for internal and external needs.
* Responsible for mentoring and training of SIEM Engineer II employees
* Attend vendor-specific meetings and conferences for business and professional development.
* Responsible for testing and configuring new products and technologies.
* Assist with designing and documenting work processes within the SOC.
* Bachelor's Degree in Information Technology, Information Security/Assurance, Engineering or related field of study; or at least 8 years of related experience and/or training; or equivalent combination of education and experience preferred.
* Minimum 5 years Managed Security Services or Information Security experience required.
* Minimum 6 years of Splunk administration, configuration and management required.
* Minimum 4 years of Splunk Enterprise Security administration required.
* Security+, CISSP, GCIH, GCIA, GPEN, CEH and or other industry certifications preferred.
* Must have Splunk Enterprise Certified Architect or be willing to obtain within 6 months of hire date.
* Excellent written and verbal communication skills required.
* Solid understanding of Information Security and Networking required.
* Outstanding time management and organizational skills required.
* Ability to operate equipment or tools, specifically: Internet, e-mail, MS Office products, advanced knowledge of Excel, sound knowledge of PowerPoint required.
* Ability to work nights or weekends as required.
* Demonstrated understanding of Information Security regulations, frameworks, requirements etc. and how to map a client's security needs to a SIEM solution required.
* Security and/or Networking familiarity or understanding in the following preferred.
* Command line interfaces
* Packet Analysis Tools (TCPDUMP, Wireshark, Ngrep)
* Keen ability to diagnose and troubleshoot technical issues, excellent problem-solving skills


All your information will be kept confidential according to EEO guidelines.

About Optiv Inc

Optiv provides cyber security and information security services.

5000 employees
Optiv Inc

1144 15th street

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.