Security Logging and Analytics

Company: Libsys, Inc.

Location: Mountain View, CA 94040

Description:

Responsibilities:
  • Determine requirements and deploy logging capabilities across applications, infrastructure, databases, and networks
  • Develop strategy for ingestion and extraction of log data from various sources, including integrations with SIEM
  • Define conditions and logic to identify unauthorized / inappropriate activities and indicators of compromise, including triage and escalation of suspected events
  • Optimize and tune existing correlation rules and alerts to reduce false positives
  • Develop and apply data models to event logs for advanced analytics
  • Support root cause analysis, debugging, post-mortem analysis of cybersecurity incidents in partnership with other security functions
  • Develop and report metrics on logging capabilities and trends based on analysis
  • Perform analysis of logging and monitoring coverage and onboard new data sources
  • Review and assess utilization of logging and monitoring tooling
  • Develop standard operating procedures and training for each technology
  • Architect and continuously improve security technology stack, process and procedures, support model and cross-function interactions
  • Define and execute (as needed) procedures to validate the effectiveness of the design, deployment, and management of security controls that aim to maintain confidentiality, integrity, and availability of enterprise data assets and technology platforms

Qualifications:

  • Excellent analytical and problem-solving skills
  • Strong and recent experience in Python coding and Splunk
  • Excellent communication skills (verbal and written), ability to influence without authority
  • Works well under pressure within time/budget constraints to solve problems, adjust quickly to shifting priorities, and make decisions with limited information
  • Ability to balance risks in ambiguous and complex situations
  • Demonstrated teamwork and collaboration skills, in leading or contributing to global and cross-functional teams
  • Highly motivated to contribute and grow within a complex area of emerging importance
  • Ability to communicate technical concepts to a broad range of technical and non-technical staff
  • Strong understanding of:
      • Interpretation of numeric data and statistical principles
      • Industry standard frameworks
      • Python, Linux, macOS, and Windows internals, and Splunk
      • Operating and maintaining logging and analytics tools across various platforms


Minimum Qualifications:

    • Bachelor's degree or industry-equivalent work experience in cybersecurity, international security architecture, and/or engineering in a converged security program
    • 3+ years applicable experience
    • High degree of integrity and trustworthiness and the ability to lead and inspire change
    • Demonstrated ability to quickly assimilate new knowledge and remain current on new developments in cybersecurity capabilities and industry knowledge
    • In-depth experience in the following:
        • Operating system (OS) hardening
        • SIEM, IDS, IPS technologies
        • Asset management
        • Change management
        • Microservice architecture
        • Logging, monitoring, and security event management
        • Database management and administration


Preferred Qualifications:

    • CISSP, SSCP, CAP, CCSP, CISM, CSX-P or applicable experience in the Information Security field
    • Recent and extensive experience using one or more programming/scripting languages (Python, Go, Java, Splunk etc.)
    • Familiarity with source code management tools (e.g., GitHub, Bitbucket)
    • Familiarity with securing data across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud Platform)