Linux/SIEM Operations Engineer

Company:
Revel IT
Location:
Clinton Township, OH, 43224
Posted:
April 30, 2025

Description:

100% Remote

*Must be a US Citizen

Contract to hire

Conversion: $120-140k

Notes from Hiring Manager:

Main Focus:

Senior Linux/ops, mastery of Splunk or equivalent (like Sumo). Some prior experience with dashboard creation, but monitoring and alerting are the priority for uptime and security. Should be able to be both facilitator and operator of Sumo Logic with some ramp-up time.

Ideal candidate: worked in a systems operations team and has branched out to SIEM (alerting and logging). Compliance is nice to have.

Strong Linux ops background, worked on call, fixed servers, break/fix on-call

Day to day server maintenance

SRE-type function and branched out into logging and alerting

Familiar with Security standards (How audits work)

- They use Sumo Logic, but others like Splunk are just fine

- Expertise in SIEM/logging and alerting pipeline solutions

- Someone who has done actual Linux operations

- Make sure all logs are coming in from all their sources

Will need to set up alerts, including alerts that fire if the system is down so that on-call teams are notified. Dashboarding, and can write queries in Sumo Logic.
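The hiring manager's "make sure all logs are coming in" and "alert if the system is down and notify on-call" points, and the later responsibility of ensuring the health of log sources, both come down to one detection: noticing when a source has gone silent before an attacker (or a broken forwarder) makes it stop reporting. The Python script below is an added example written for this page, not code from Revel IT or its client. It assumes a hypothetical source inventory (the source names, intervals and routing decisions are made up) and takes a constructed per-source last-seen table of the kind a SIEM search returns (in Sumo Logic, for example, a `max(_messageTime) by _sourceCategory` aggregation).

```python
"""Silent log source detection (added example; inventory and sample data are constructed)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SourcePolicy:
    expected_interval: timedelta  # normal gap between events from this source
    grace_multiplier: float       # missed intervals tolerated before it counts as stale
    page_oncall: bool             # True: page on-call; False: open a ticket

    @property
    def stale_after(self) -> timedelta:
        return self.expected_interval * self.grace_multiplier


@dataclass(frozen=True)
class Finding:
    source: str
    kind: str                       # "stale", "missing", "unknown" or "skew"
    silent_for: Optional[timedelta]
    page: bool


# Hypothetical inventory of sources the SIEM is expected to receive (assumption).
INVENTORY: Dict[str, SourcePolicy] = {
    "prod/linux/auth":    SourcePolicy(timedelta(minutes=5), 3.0, True),
    "prod/nginx/access":  SourcePolicy(timedelta(minutes=1), 5.0, True),
    "prod/crowdstrike":   SourcePolicy(timedelta(minutes=10), 2.0, True),
    "corp/backup/report": SourcePolicy(timedelta(hours=24), 1.5, False),
}

# Constructed "last event per source" table, as a SIEM aggregation would return it.
SAMPLE_LAST_SEEN = """\
prod/linux/auth,2025-04-30T12:58:10Z
prod/nginx/access,2025-04-30T12:59:55Z
prod/crowdstrike,2025-04-30T11:30:00Z
lab/jenkins,2025-04-30T12:40:00Z
"""
NOW = datetime(2025, 4, 30, 13, 0, 0, tzinfo=timezone.utc)

# Tolerated clock drift before a future-dated event is reported instead of ignored.
SKEW_TOLERANCE = timedelta(minutes=5)


def parse_last_seen(text: str) -> Dict[str, datetime]:
    """Parse 'source,iso_timestamp' lines; keep the newest timestamp per source."""
    last_seen: Dict[str, datetime] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        source, ts = line.split(",", 1)
        when = datetime.fromisoformat(ts.strip().replace("Z", "+00:00"))
        if when.tzinfo is None:
            raise ValueError(f"naive timestamp for {source}: {ts}")  # refuse ambiguous times
        if source not in last_seen or when > last_seen[source]:
            last_seen[source] = when
    return last_seen


def find_silent_sources(last_seen: Dict[str, datetime],
                        inventory: Dict[str, SourcePolicy],
                        now: datetime) -> List[Finding]:
    """Compare what arrived against what was expected and classify every gap."""
    findings: List[Finding] = []
    for source, policy in sorted(inventory.items()):
        seen = last_seen.get(source)
        if seen is None:
            # Expected but never observed in the window: a coverage gap, not just lateness.
            findings.append(Finding(source, "missing", None, policy.page_oncall))
            continue
        gap = now - seen
        if gap < -SKEW_TOLERANCE:
            # Events from the future usually mean a forwarder clock problem, which
            # silently hides real staleness; report it rather than treating it as healthy.
            findings.append(Finding(source, "skew", gap, False))
        elif gap > policy.stale_after:
            findings.append(Finding(source, "stale", gap, policy.page_oncall))
    # Sources that report but are not in the inventory: undocumented assets, worth a ticket
    # so the inventory (and any audit scope) gets corrected.
    for source in sorted(set(last_seen) - set(inventory)):
        findings.append(Finding(source, "unknown", None, False))
    return findings


def route(findings: List[Finding]) -> Dict[str, List[str]]:
    """Split findings into messages that page on-call and messages that become tickets."""
    out: Dict[str, List[str]] = {"page": [], "ticket": []}
    for f in findings:
        msg = f"{f.source}: {f.kind}" + (f" for {f.silent_for}" if f.silent_for else "")
        out["page" if f.page else "ticket"].append(msg)
    return out


if __name__ == "__main__":
    for queue, msgs in route(find_silent_sources(parse_last_seen(SAMPLE_LAST_SEEN), INVENTORY, NOW)).items():
        for m in msgs:
            print(f"[{queue}] {m}")
```

On the constructed data the CrowdStrike feed has been quiet for 90 minutes against a 20-minute threshold and pages on-call, the backup report has not arrived at all and becomes a ticket, and `lab/jenkins` is reporting without being in the inventory. Running this on a schedule against the real aggregation, with the per-source thresholds kept in version control, is the "logs are coming in from all sources" check the posting asks for.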

Job Description:

SOC/SIEM Engineer for Cloud Operations

Position Description:

Security Engineer / SOC with a primary focus on monitoring, analyzing, developing, and maintaining dashboards and alerts to identify and report on SIEM activity.

The candidate will be responsible for administering, configuring, and monitoring the SIEM solution to maintain and improve the security posture of our Cloud operations. The candidate will possess solid experience in the SOC/SIEM domain in accordance with the NIST 800-53 security framework. The candidate will be responsible for being able to communicate and report status in a concise, summarized, and effective manner to management.

The position also requires technical skills and experience in a Linux environment and a demonstrated working knowledge of Linux OS, automation, and troubleshooting.

Candidate must be a U.S. Citizen living in the US. Work is 100% remote so must be able to work independently while maintaining close and effective relationships with the entire team. Work is fast paced in a rapidly evolving environment. This is a tremendous opportunity to work and collaborate with highly talented people.

Essential Responsibilities:

Use Sumo Logic in daily operational work, which includes but is not limited to administering, operating, and managing the SIEM solution, and the regular activities of ensuring the health of log sources, parsers, alerts, reports, etc., so that the solution operates as planned.

Develop content for a growing SIEM infrastructure, including dashboards, reports, rules, filters, trends, and alerts.

Monitor Sumo Logic to assess, prioritize, escalate, and manage potential operational and security events. Activities include:

- Respond to security incidents
- Conduct threat analysis
- Evaluate cybersecurity alerts
- Document incidents and review reports
- Provide detailed reports for management

Correlate events and activities to build threat scenarios, to get ahead of threat actors and reduce exposure.

Participate in incident response functions across the cloud environment in accordance with NIST 800-53 requirements/controls.

Interpret threat intelligence into actionable security actions across tools such as firewall, IPS and malware detection across multiple security vendor platforms.

Continuously track and resolve security incidents and collaborate with cloud operations and ISSM for resolution and suggest areas for improvement.

Plan, manage, and document the reports for Incident Response testing/validation exercises.

Manage, Support, and document activities for Annual Assessments, Significant Change Events.

Must have extensive knowledge of a SIEM solution such as QRadar, Splunk, ELK, Sumo Logic, etc.

Working knowledge and experience with Sumo Logic a plus

Must have working knowledge of malware detection solutions such as CrowdStrike, McAfee/Trellix, Trend Micro, Symantec, etc.

Ideal Candidate will have demonstrated experience and knowledge of the following:

Experience building custom connectors, parsers, etc. to ingest logs from IT assets that Sumo Logic does not support out of the box.

System security and SIEM implementation experience

SOC daily operational monitoring, alerting, and escalation

In-depth experience and understanding of Security Event Management, from both a technology/tool and a process perspective.

Demonstrated knowledge of TCP/IP networking and major protocols such as: HTTP, SSL/TLS, DNS, SMTP

Demonstrated experience and expertise with several of the following technology competencies: SIEM, vulnerability scanning tools, File Integrity Monitoring, Data Loss Prevention, etc.

Development of security scripts in Linux / Windows environments for automated detection and scanning

Network stream analysis using packet capture/reconstruction.

Experience executing on NIST Incident Response Frameworks

Current knowledge of security threats, solutions, security tools and network technologies

An understanding of information security and compliance regulations (NIST, ISO 27001, GDPR)

Demonstrated ability of effective problem-solving and troubleshooting of technical issues.

Fluency in English, written and spoken is necessary.

Excellent documentation skills

Able to work independently and as a collaborator.

Education & Qualifications

2 to 5 years as a SOC/SIEM Engineer

Bachelor’s Degree in an IT related discipline

In lieu of certifications, at least 2 years of information security, auditing, or risk management