Principal SIEM Engineer

Job Description

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect around the world. We’re a human network that reaches across the globe and works behind the scenes. We anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together—lifting up our communities and striving to make an impact to move the world forward. If you’re fueled by purpose, and powered by persistence, explore a career with us. Here, you’ll discover the rigor it takes to make a difference and the fulfillment that comes with living the #NetworkLife.

Verizon is proud to continually earn a spot in Gartner's Leader Quadrant for Managed Security Service Providers (MSSPs) supporting F500 and government agencies around the world. Our Managed Security Services range from security operations centers, security engineering, and cyber intelligence to assessments, planning and implementation. In support of our world leading position in cybersecurity, we are adding a Principal SIEM Engineer due to growth with focus on the latest SIEM and SOAR technologies. This is an excellent opportunity to join a growing high performance team.

The Principal SIEM Engineer is a part of our Analytics Security Operations Center (ASOC) within Verizon’s Managed Security Services team. This role is designed to provide senior level leadership for the design, engineering, and implementation of security event data collection for our managed security service customers related to incident response, threat monitoring, threat intelligence, and operations. These programs pertain to the data identification, assessment, ingestion, normalization and enrichment activities required for Verizon’s ASOC to perform proper detection and analytics of cyber threats and response.

Responsibilities include:

• Lead and perform the content development within the SIEM Platform which includes use case creation, dashboard design, tuning of use cases to minimize false positives, development of reporting metrics such as SLA and KPI reports and log source configuration

• Participate in use case development, provide technical input into designs, and maintain SIEM use cases throughout their lifecycle including SOAR integration and contributing to playbooks.

• Work with the customer to incorporate asset landscape details, severity threats campaigns, and data breaches, as well as perform impact and exposure assessments relative to the customer

• Threat hunting and independent threat research to augment and feed custom use case creation

• Leverage advanced knowledge of security operations, cyber security tools, intrusion detection, and secured networks to integrate with the SIEM platform

• Act as an escalation point for the ASOC Security Analysts to assist and advise on the most complex security threat investigations

• Collaborate with ASOC Senior Security Analysts and Verizon on-site teams to implement solutions to SIEM & SOAR platforms.

• Provide advice on SIEM management, infrastructure, log ingestion and normalization in order to support the ongoing development of use cases and their dependencies.

• Review and enhance logging information flow strategies and technical information flow required for log onboarding; create the work plan required for logging onboarding to include determining the technical details

• Share and exchange knowledge gained across all Verizon SIEM stakeholders and subject matter experts.

• Develop and implement SIEM, SOAR, and service management integrations including threat intelligence feeds, authentication systems, and response systems (firewalls, proxies, etc).

• SIEM installation, configuration, management and fault-finding.

• Provide briefings to ASOC managers, customer service leads, and other stakeholders on issues pertaining to SIEM management, use case maintenance, and their operational risks.

• Determine and report the accomplishments of project initiatives across stakeholder groups, providing consulting and guidance on how to drive business results from the data available

• Support and consult vendors and customers to assist in implementing sound and secure logging practices while interfacing with customers in support of their logging requirements

• Mentor and support ASOC Security Analysts Tier 1-3

Where you'll be working...

This hybrid role will have a defined work location that includes work from home and assigned office days as set by the manager

You’ll need to have:

• Bachelor's degree or four or more years of work experience

• Six or more years of relevant work experience

• Bachelor's degree or four or more years of work experience as a SIEM Engineer/Content Developer, especially with Splunk ES, QRadar, Sentinel, Sumo Logic, Chronicle, Securonix, LogRhtyhym, etc.

• Six or more years of relevant work experience as a SIEM Engineer with experience creating custom use cases, dashboards, and reporting

• Six or more years of relevant work experience as a SIEM engineering, administration, configuration, optimization experience

• Use case / correlation development experience.

• Threat hunting experience

• Linux command line experience

• Knowledge of regular expressions and data normalization

Even better if you have one or more of the following:

• Master's degree in information security, cyber security, computer science or related field

• Experience assessing and implementing security incident detection systems, particularly SIEMs

• Strong interpersonal skills and collaborative style to enable success across multiple partners

• Experience working in a Security Operation Center (SOC) environment

• Cloud security experience

• Experience with SOAR platforms, particularly Palo Alto XSOAR

• Knowledge in security architecture and enterprise information technology protocol and traffic flows

• Capability to clearly and succinctly explain highly complex issues to senior executives

• Strong communication and presentation skills along with the ability to handle multiple priorities in a fast paced dynamic environment

• Experience preparing and delivering presentations to peers or senior executives

• Ability to negotiate, when warranted, in order to work with other teams

• Ability to grasp and assess “big picture” issues and bring them to light in order to foster positive change for a more robust data ingestion platform and process

• Scripting or automation experience eg Python, Perl, Bash, PowerShell, etc.

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.

Where you’ll be working

In this hybrid role, you'll have a defined work location that includes work from home and a minimum eight assigned office days per month that will be set by your manager.

Scheduled Weekly Hours

40

Equal Employment Opportunity

We’re proud to be an equal opportunity employer - and celebrate our employees’ differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.