Sr. SIEM/XDR Engineer

Deepwatch

  • Tampa, FL
  • Permanent
  • Full-time
  • 1 month ago
Senior SIEM/XDR Engineer

Reporting directly to the VP, MXDR Solutions Architecture, the Senior SIEM/XDR Engineer provides support and addresses complex challenges encountered by our customers daily. You will be part of the team developing cutting-edge content for CrowdStrike Next-Gen SIEM. This role necessitates a solid foundation in SIEM, with a primary focus on Splunk, advanced proficiency in Linux systems administration, and a proven track record of using excellent soft skills to ensure positive customer interactions. You will also act as an internal escalation point for your peers. Deepwatch is an industry leader in delivery of Cyber Resiliency.

Candidates must display aptitude and ability to manage a multitude of virtual resources in a fast-paced environment. This position is virtual/remote, working from a home office unless traveling to a corporate office or client site.

If you want to be a part of a dynamic team that will leverage your skills to innovate and maximize customer experience, enable you to maintain a strong work-life balance, and assist you in reaching your career goals within the Information Security industry, look no further: this is a great opportunity for you.

In this role, you'll get to:
  • Configure, manage, and maintain Splunk deployments to include clustering and high availability scenarios in our customer AWS, GCP, Azure, and On-Premise environments
  • Configure and optimize SIEM/XDR platforms to collect, normalize, and correlate security event data from diverse sources
  • Develop and maintain correlation rules, alerts, and dashboards to detect and investigate security incidents effectively
  • Conduct regular reviews of SIEM/XDR configurations and rulesets to ensure optimal performance and alignment with industry best practices
  • Document design specifications, deployment procedures, and operational guidelines for SIEM/XDR implementations
  • Perform advanced troubleshooting, upgrades, and configuration of Splunk including Splunk integrations and apps
  • Perform advanced troubleshooting, configuration, upgrades, and administration of Linux Operating Systems
  • Collaborate with fellow Deepwatch experts to deliver superior efficiencies and enhancements to the customer via the Deepwatch Security Platform
  • Consult with customers, in all roles, including leadership, to effectively deliver security solutions, and architecture recommendations
  • Be an escalation point for the SIEM Operations and Engineering team; focusing on excellent customer service and triaging of issues strategically in a timely manner
  • Prioritize and deliver solutions across a wide range of engagements, including Platform Operations and Engineering Management, customer cases, and escalations for technical issues
  • Be part of the on-call rotation for critical production support outages
  • Mentor and provide technical expertise to junior members of the team
  • Create and maintain documentation for customer environments, processes and best practices
  • Raise environmental and platform risks to management to avoid unnecessary risk exposure
  • Stay current with emerging threats, vulnerabilities, and industry trends to continually enhance SIEM/XDR capabilities and processes.
To be successful in this role, you'll need to:
  • Have SIEM Certifications (Splunk Enterprise Certified Architect or Splunk Core Certified Consultant preferred) and/or equivalent demonstrable advanced experience with SIEM administration
  • Have in-depth knowledge of SIEM/XDR platforms such as Splunk, IBM QRadar, LogRhythm, or equivalent
  • Demonstrate a working knowledge in at least three of the following areas: Enterprise network architecture/administration, Enterprise Network Infrastructure Engineering or administration, Cloud engineering and administration, Endpoint Engineering and Administration, Identity and Access Management, DevOps, Security Operations Center (SOC), or SIEM Architecture and Engineering
  • Be comfortable providing customer-facing operational support in cybersecurity or information technology operations
  • Have excellent analytical, problem-solving, and communication skills in a customer-facing environment
  • Be self-driven and enjoy solving problems collaboratively in a fast-paced environment
  • Have proficient understanding of cloud infrastructure administration (e.g., Splunk, AWS, Azure, GCP, etc.)
  • Have basic experience with:
    • Leveraging configuration management/orchestration tools such as Ansible or AWX, Puppet, Terraform, or other
    • Programming/scripting tools to help automate routine tasks (e.g., Python, Bash, PowerShell, etc.)
    • Version control tools (e.g., git, perforce, etc.)
    • ITIL Service Management or Agile Scrum methodologies
ITAR Compliance

This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application, candidates will be asked to confirm that they are a U.S. Person as defined by the following:
  • A citizen of the U.S.;
  • A lawful permanent resident of the United States;
  • A person admitted to the United States as a refugee; or
  • A person that has been granted asylum by the United States government.
The intent of this requirement is not to verify employment eligibility overall, but to ensure compliance with import/export regulations. If you do not meet these requirements, we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.

For applicants in NYC, CO, CA, RI, and WA, the salary range for this role is $136,000 to $204,000 + stock options + benefits. Actual compensation may vary from the posted hiring range based upon geographic location, work experience, education, and/or skill level.