Staff Engineer II - Cyber
Company: The Judge Group
Location: Phoenix, AZ 85003
Description:
Job Title: Staff Engineer II - Cyber
Location: Phoenix, Columbus or Irving

About the Job:
Western Alliance Bank's (WAB) Security Monitoring Center is dedicated to continuously monitoring our network and systems for suspicious activity, identifying potential security threats, investigating incidents, and responding swiftly to neutralize cyberattacks. Responsibilities include analyzing security alerts, conducting incident response, documenting findings, implementing mitigations, and reporting to stakeholders.

Key Responsibilities:
- Build, maintain, and support technologies for the Security Monitoring Center.
- Contribute to the development of a robust Insider Risk program.
- Collaborate with a team of talented engineers to achieve work objectives and deliverables.
- Challenge and be challenged on ideas to ensure the best solutions for WAB.
- Provide high-quality work documentation, including graphs, flow diagrams, engineering runbooks, and change procedures.

Requirements:
Education: Bachelor's Degree in Cybersecurity, Computer Science, or a related field from a 4-year college or university.
Experience: Minimum of five (5) years in Information Technology, including:
- Three (3) years in information security engineering, security risk and compliance management, security project management, security policy management, and other security practices.
- Three (3) years using scripting techniques (Python, PowerShell, REST API, VB, Ruby, etc.) to automate tasks.
- Two (2) years evaluating, installing, configuring, and maintaining at least 2 of the following security tools: IDS, IPS, SIEM, DLP, Proxy, Firewall, Endpoint forensics, disk encryption, GRC, Vulnerability scanner, sandbox, SOAR.
- Two (2) years administering a SIEM (Elastic Stack SIEM is a plus).
- Experience interpreting and analyzing packet captures via Wireshark.

Skills:
- Solid understanding of logging infrastructure concepts (syslog, log parsing, log de-duping, log pulling methods, RFC 5424, CEF format, JSON, key-value pair format, log enrichment, log maintenance, log troubleshooting).
- Demonstrated SIEM administration (Elastic Stack experience is a plus).
- Demonstrated SOAR administration and playbook authoring (Palo Alto XSOAR experience is a plus).
- Proficiency in Python, PowerShell, and Bash.
- Capable of operating entirely day-to-day on a Linux platform.

Certifications: RHCSA, RHCSE, CCNA, Microsoft, Azure, AWS, VMware, or related technology training or certifications are a plus. CISSP, CISA, CISM, GIAC, GCIH, Security+ or related certifications are a plus.