Job Description

The Sr. Engineer, Infrastructure-Endpoint Security Operations role is a senior technologists tasked to deliver best-in-class SIEM and logging capabilities. The role requires technical experience in multiple capabilities and a vendor agnostic approach for enterprise SIEM infrastructure, including syslog technologies and methods for log shipment and parsing. Responsibilities: Enables the business to innovate rapidly and achieve its goals by providing a reliable logging infrastructure. Responsible for supporting the ongoing needs for log ingestion and parsing. Responsible for health checks, upgrading and maintaining the SIEM infrastructure, including application upgrades and endpoint logging configurations. Collaborating with a broad spectrum of IT and business teams to ensure optimal implementation of log ingestion from various endpoints -including systems and applications. Provide best-practice guidance and advice to continuously improve logging infrastructure. Perform root cause analysis to prevent future recurring problems. Provide support and guidance to team members related to system configuration and log management. Provide metrics, indicators, and reporting on the performance of the services to management. Ensure continuous improvement of the services based on alignment with the BMS Cyber Fusion Center. Skills/Experience Required: Requires 4+ years experience supporting SIEM, logging and related technologies and processes. Bachelor s degree (or equivalent education plus experience) and security certifications including CISSP, GIAC are a plus. Deep knowledge of Windows and Linux Operating systems. In depth knowledge of SIEM and log shipping tools/methods like Rsyslog, syslog-ng, Windows WEF. Experience managing Splunk in a large enterprise is preferred. Proven track record of implementing and managing enterprise logging infrastructure. Excellent communication and collaboration skills are required.

foundit