Sr. SIEM/XDR Engineer
Deepwatch
- Tampa, FL
- Permanent
- Full-time
- Configure, manage, and maintain Splunk deployments to include clustering and high availability scenarios in our customer AWS, GCP, Azure, and On-Premise environments
- Configure and optimize SIEM/XDR platforms to collect, normalize, and correlate security event data from diverse sources
- Develop and maintain correlation rules, alerts, and dashboards to detect and investigate security incidents effectively
- Conduct regular reviews of SIEM/XDR configurations and rulesets to ensure optimal performance and alignment with industry best practices
- Document design specifications, deployment procedures, and operational guidelines for SIEM/XDR implementations
- Perform advanced troubleshooting, upgrades, and configuration of Splunk including Splunk integrations and apps
- Perform advanced troubleshooting, configuration, upgrades, and administration of Linux Operating Systems
- Collaborate with fellow Deepwatch experts to deliver superior efficiencies and enhancements to the customer via the Deepwatch Security Platform
- Consult with customers in all roles, including leadership, to deliver security solutions and architecture recommendations effectively
- Be an escalation point for the SIEM Operations and Engineering team, focusing on excellent customer service and timely, strategic triage of issues
- Prioritize and deliver solutions across a wide range of engagements, including platform operations and engineering management, created cases, and escalations of technical issues
- Be part of the on-call rotation for critical production support outages
- Mentor and provide technical expertise to junior members of the team
- Create and maintain documentation for customer environments, processes and best practices
- Raise environmental and platform risks to management to avoid unnecessary risk exposure
- Stay current with emerging threats, vulnerabilities, and industry trends to continually enhance SIEM/XDR capabilities and processes.
- Have SIEM Certifications (Splunk Enterprise Certified Architect or Splunk Core Certified Consultant preferred) and/or equivalent demonstrable advanced experience with SIEM administration
- In-depth knowledge of SIEM/XDR platforms such as Splunk, IBM QRadar, LogRhythm, or equivalent
- Demonstrate a working knowledge in at least three of the following areas: Enterprise network architecture/administration, Enterprise Network Infrastructure Engineering or administration, Cloud engineering and administration, Endpoint Engineering and Administration, Identity and Access Management, DevOps, Security Operations Center (SOC), or SIEM Architecture and Engineering
- Be comfortable providing customer-facing operational support in cybersecurity or information technology operations
- Excellent analytical, problem-solving, and communication skills in a customer facing environment
- Be self-driven and enjoy solving problems collaboratively in a fast-paced environment
- Have proficient understanding of cloud infrastructure administration (e.g., Splunk, AWS, Azure, GCP, etc.)
- Have basic experience with:
  - Leveraging configuration management/orchestration tools such as Ansible or AWX, Puppet, Terraform, or others
  - Programming/scripting tools to help automate routine tasks (e.g., Python, Bash, PowerShell)
  - Version control tools (e.g., git, Perforce)
  - ITIL Service Management or Agile Scrum methodologies
- A citizen of the U.S.;
- A lawful permanent resident of the United States;
- A person admitted to the United States as a refugee; or
- A person that has been granted asylum by the United States government.