Information Security III

Job Description Information Security III (SIEM-Forensic)

Job Title:

Information Security III (SIEM- Forensic)

General Summary

We are seeking a skilled and experienced SIEM Expert to join our Information Security team. As a SIEM Expert, you will be responsible for configuring, managing, and optimizing our SIEM platform to monitor, analyze, and respond to security events and incidents. You will play a key role in detecting and preventing potential security threats, ensuring the safety and compliance of our systems and data.

This role is ideal for someone with a strong understanding of security monitoring, log management, incident response, and threat detection, with hands-on experience in deploying, configuring, and managing SIEM tools.

Education & Experience

Minimum Requirements typically required for someone to be performing fully (competent) in this job:

Level of Formal Education:

Bachelor's degree preferred or equivalent experience

Area of Study:

Computer Science

Years of Experience:

8-10 Years

Type of Experience:

• Experience performing forensic investigations using EnCase or similar tool
• QRadar/LogRhythm, Microsoft Sentinel, Accenture MSS, Splunk, ArcSight, Mandiant

Special Certifications: (CPA, Etc.)

• CISSP Certification preferred
• CEH
• CHFI
• Splunk Architect
• SC 200 (Microsoft Azure Sentinel)
• CERTIFIED SOC ANALYST (CSA)

Language Skills:

English

Technical Competencies:

• SIEM Platform Management: Administer and manage the organization's SIEM platform (e.g., Splunk, QRadar, ArcSight, SentinelOne, LogRhythm, etc.).
• Event & Log Management: Collect, normalize, and analyze security event data from various sources (firewalls, IDS/IPS, servers, endpoints, etc.).
• Rule Creation and Tuning: Develop and fine-tune correlation rules, alerts, and use cases to identify anomalous and malicious activity.
• Incident Detection & Response: Investigate security alerts and work with the Security Operations Center (SOC) team to triage and respond to security incidents.
• Threat Hunting: Perform proactive threat hunting using the SIEM tool to identify indicators of compromise (IoC) and anomalous behavior across the network and endpoints.
• Reporting & Dashboards: Create and maintain security monitoring dashboards, generate reports, and provide metrics on the security posture of the organization.
• Integration: Integrate new data sources, security tools, and applications into the SIEM for better visibility and monitoring.
• Automation: Work on automating repetitive tasks and security workflows to improve efficiency and reduce response times.
• Documentation & Knowledge Sharing: Document standard operating procedures (SOPs), incident response processes, and best practices for using the SIEM.
• Compliance & Audit: Assist in meeting regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS) by ensuring the SIEM solution supports logging, monitoring, and reporting needs.
• Collaboration: Collaborate with other IT and security teams to improve overall security posture and response capabilities.

Competencies:

• Strong hands-on experience with SIEM solutions such as Splunk, QRadar, ArcSight, LogRhythm, or Microsoft Sentinel.
• Proficiency in log management, event correlation, and alert tuning within a SIEM environment.
• In-depth understanding of network protocols, security operations, and cyber threats (e.g., DDoS, APTs, malware).
• Familiarity with endpoint protection tools (e.g., CrowdStrike, Carbon Black, or others).
• Knowledge of threat intelligence platforms (TIPs), intrusion detection systems (IDS), and firewalls.
• Strong experience in scripts (e.g., Python, PowerShell, Bash) to automate processes and analyze logs.
• Hands-on experience with cloud security monitoring (AWS, Azure, GCP) and cloud-native SIEM integrations.
• Security Incident Handling: Experience in identifying, investigating, and remediating security incidents.
• Familiarity with data loss prevention (DLP) tools and techniques.

Information Systems:

(People Soft, etc.)

• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication skills to clearly explain complex security issues to non-technical stakeholders.
• Ability to work well under pressure and in a fast-paced environment.
• Team player with the ability to collaborate across departments and with various stakeholders.
• Strong organizational and time-management skills.