Cyber Security SIEM and Automation Engineer

Company: Red Lobster

Location: Orlando, FL 32828

Description:

Job Description

The Security SIEM and Automation Engineer will play a crucial role in maintaining and enhancing our organization's security posture by managing the Security Information and Event Management (SIEM) system and developing automation workflows to streamline security operations. The role requires a deep understanding of security principles, SIEM technologies, and automation tools. The ideal candidate will have a proactive approach to identifying and mitigating security threats, coupled with the ability to integrate and automate data from other internal and external security products and platforms.
Key Responsibilities
SIEM/SOAR Management:
- Design, implement, and manage the SIEM infrastructure to ensure efficient, cost-controlled logging, monitoring, and alerting of security and infrastructure events.
- Develop and maintain SIEM content, including use cases, correlation rules, dashboards, and reports.
- Tune and optimize SIEM systems to reduce false positives and enhance the accuracy of threat detection.
- Monitor and respond to security alerts generated by the SIEM, ensuring timely investigation and resolution.
Security Automation
- Develop automations, scripts and workflows to streamline security operations, such as incident response, threat hunting, and log management.
- Integrate the SOAR/SIEM platform with other security tools (e.g., EDR, threat intelligence platforms) to create a cohesive and automated security ecosystem.
- Collaborate with IT teams to automate routine security tasks, including patch management, vulnerability scanning, and configuration management.

Incident Response
- Assist in the development and execution of incident response plans, leveraging SIEM and automation tools to detect and respond to security incidents.
- Conduct forensic analysis and root cause investigations for security incidents, providing detailed reports and recommendations for mitigation.
- Work closely with the Security Operations Center (SOC) to ensure effective communication and coordination during incidents.
Threat Intelligence and Monitoring
- Incorporate threat intelligence feeds into the SIEM to enhance detection capabilities and stay ahead of emerging threats.
- Continuously monitor the threat landscape, updating SIEM use cases and automation workflows to address new and evolving threats.
Compliance and Reporting
- Ensure that SIEM and automation processes comply with regulations and standards, such as PCI DSS, HIPAA, CCPA/CPRA and other state data privacy laws.
- Generate and present regular reports (KPIs) on the security posture, incident trends, and the effectiveness of automation initiatives.

Qualifications
Education
- Bachelor's degree in Computer Science, Information Security, or a related field. Equivalent work experience may be considered.
Experience
- 3+ years of experience in a security engineering role, with a focus on SIEM and security automation.
- Hands-on experience with leading SIEM platforms such as Elastic, Splunk, QRadar, ArcSight, or Azure Sentinel.
- Proficiency in scripting and automation tools, such as Python, PowerShell, Bash, or Ansible.
- Experience with a broad range of security tools such as firewalls, IDS/IPS, EDR, CASB, SWG, SASE, identity providers (IdPs), and threat intelligence platforms.
Certifications
- Relevant security certifications such as CISSP, GIAC, CEH, or specific SIEM certifications (e.g., Elastic Admin).

Skills
- Strong understanding of cloud platforms (Azure/AWS), network protocols, security architectures, and the cyber threat landscape.
- Excellent problem-solving skills (critical thinking) with a keen eye for detail.
- Ability to work independently and collaboratively in a fast-paced environment.
- Strong communication skills, with the ability to convey complex security concepts to both technical and non-technical audiences.