T3 SIEM Security Engineer - (ON-SITE, 2X PER WEEK)
GDH

Austin, Texas

Posted in IT


This job has expired.

Job Info



Candidate Description

This is a SIEM Engineer role. The candidate must be able to demonstrate the ability to run and support multiple SIEM platforms in support of in-depth investigations and threat 'hunting' activities. Demonstrated experience with the Azure Sentinel SIEM or with three other SIEM technologies, from both an engineering and a content-development perspective, is REQUIRED. Holding the CompTIA Security+ or an equivalent certification is preferred. Any SIEM certifications are a plus.

This position is based in AUSTIN, TX, and will support the customer's 24x7 Security Operations Center (SOC). This position is in direct support (on-site at customer facilities) of an AT&T customer in the government sector. Preference will be given to candidates who can support 'non-business hours' shifts.

Selected candidates must be US Citizens, 18 years of age or older, pass a CJIS background check process, and complete basic safety and security training to meet the customer requirements.

Responsibilities

· Provision security tools for customers.

· Help determine tactics, techniques, and procedures (TTPs) for security tools.

· Characterize and analyze network traffic to identify anomalous activity, malicious activity, and potential threats and/or vulnerabilities to network resources.

· Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.

· Perform cyber defense trend analysis and reporting.

· Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.

· Provide daily summary reports of network events and activity relevant to cyber defense practices.

· Create and document procedures and work instructions for use by the SOC staff (Tier 2 thru Tier 3).

· Train and mentor other SIEM Engineers and/or SOC Analysts as needed.

· Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

· Work with provided security policies to design and implement network and security rules and configurations across various security platforms.

Candidate Requirements

Candidate should have strong communication skills, both written and verbal, and be comfortable presenting information to teammates, customer technical personnel, and AT&T Leads and Managers.

The preferred candidate is REQUIRED to have:

· Demonstrated experience using Enterprise/MSSP and/or cloud security SIEM technologies as an analyst.

· Ability to support and work across multiple customer and bespoke systems.

· Ability to pass a CJIS background check process and other background checks to comply with customer contracts.

· Completion of basic safety and security training to meet the customer requirements.

· Ability to work a rotating shift and on-call schedule as required.

· CompTIA Security+ certification or equivalent/higher.

· Selected candidates must be US Citizens.

Candidate Preferred Requirements

Holding one or more of the following industry certifications will be a plus:

· CompTIA Security+

· Other Certs - such as CompTIA Networking+, any Cloud Certifications, Devo, Splunk, Azure Sentinel

· Eight (8) years of Security Incident Response, Security Operations Center, and/or threat analysis experience, with five (5) years as part of a perimeter team.

Qualifying Experience and Attributes

· Experience with SIEM tuning

· Experience with log ingestion into the SIEM by raw log ingestion, email, and API.

· Ability to create and maintain custom reports, dashboards, and views utilizing the SIEM.

· Ability to create 'use cases' to customize the alerting of the SIEM to meet customer needs.

· Strong knowledge of Virtualized or Cloud Computing.

· Strong Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

· Knowledge of MITRE ATT&CK and MITRE D3FEND.

· Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).

· Knowledge of cybersecurity and privacy principles.

· Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).

· Knowledge of incident response and handling methodologies.

· Knowledge of new and emerging information technology (IT) and cybersecurity technologies.

· Knowledge of key concepts in security management (e.g., Release Management, Patch Management).

· Knowledge of security system design tools, methods, and techniques.

· Knowledge of what constitutes a network attack and its relationship to both threats and vulnerabilities.

· Knowledge of cyber defense and information security policies, procedures, and regulations.

· Knowledge of cyber attackers (e.g., script kiddies, insider threat, nation/non-nation state sponsored).

· Knowledge of system administration, network, and operating system hardening techniques.

· Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

· Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.

· Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.

· Knowledge of how to use network analysis tools to identify vulnerabilities.

· Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

· Skill in performing packet-level analysis.

