Senior Security Engineer - SIEM and UBEA

Bethesda, MD, United States

Marriott International

Book Directly & Save at any of our 8000+ Marriott Bonvoy Hotels. Choose from Luxury Hotels, Resorts, Extended Stay Hotels, Pet-Friendly Hotels & More.

View all jobs at Marriott International

JOB SUMMARY

We are seeking a highly skilled and experienced Senior SIEM and UEBA Engineer to join our cybersecurity operations team. The ideal candidate will have extensive experience in security architecture and engineering, with a strong focus on SIEM, UEBA platforms and log management.  Responsibilities include design, implementation, and maintenance of SIEM, UEBA and log management systems.  This role will provide engineering support for Insider Threat and Detection Engineering analytics teams to support development of threat detections.

 

 

CANDIDATE PROFILE

Education and Experience

Required:

  • Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
  • 3+ years of experience in: 
    • Security architecture and engineering experience on SIEM, UEBA, and log collection and management platforms. 
    • Scripting language experience (*nix shell scripting, Python, PowerShell, etc.) and regular expressions
    • Linux and Microsoft operating systems (advanced knowledge)
  • 5+ years of experience in some or all of the following:
    • Experience working in (or with) security functions such as SOC, CIRT, security engineering, risk management, vulnerability management.
    • Technical infrastructure operations, administration, or systems engineering

Preferred Skills/Experience:

  • Current information security certification such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) or an equivalent.
  • Splunk Certification, including Splunk Enterprise Security Certified Admin
  • Cribl Certified Admin: Stream
  • Working knowledge of the NIST Cyber Security Framework and ISO/IEC 27001:2022
  • Working knowledge of the MITRE ATT&CK Framework
  • Exabeam UEBA platform and Advanced Analytics administration
  • Splunk Enterprise platform and Splunk Enterprise Security administration
  • Hands on experience with logging implementations for services/assets in cloud service provider platforms (AWS, Azure, GCP)
  • Familiarity with Identity and access management systems, firewalls, next-gen anti-malware, intrusion detection and prevention systems, proxies, reverse proxies, credential vaults, and database fundamentals.
  • Knowledge of IP networking
  • Solid written and verbal communication skills

 

Core Responsibilities

What You’ll be Doing:

  • Designing, implementing, and maintaining the SIEM, UEBA, and log management systems.
  • Implementing and maintaining data pipelines to analytics platforms to support threat detection with SIEM, UEBA, and other log collection and management tools.
  • Working with Insider Threat, Detection Engineering, and other security analytics teams to support the development of threat detection analytics.  This includes integrations, data onboarding, data normalization, and stack tuning, for SIEM and UEBA platforms.  You’ll also collaborate with other security analytics teams to support data onboarding and other data management work for analytics development in Amazon Security Lake.
  • Collaborating with stakeholders in Global Information Security, Enterprise Architecture and other IT teams on the development of procedures, standards, integration and operability patterns for logging and monitoring.
  • Identifying and resolving escalated engineering-level analytics platform performance and functional problems for SIEM, UEBA, and log management systems.
  • Collaborating with other teams such as Security Architecture, Security Engineering, Policy and Compliance, network operations teams, dev ops teams to ensure the security of our infrastructure through the application of security controls for SIEM, UEBA, and log management systems.
  • Keeping pace with the latest security trends, threats, and technologies and making recommendations for improvements to our security posture.
  • Providing technical guidance and mentoring to junior team members.
  • Creating reports on analytics platform operations, documenting engineering processes, creating SOPs, and presenting findings and issues remediation plans to management and other stakeholders
  • Provide direction and support for the development of platform metrics, dashboards, and reports for analytics platforms to support operational monitoring.

Additional Responsibility:

  • Contribute to ongoing development and maintenance of documented standards, workflows, and best practices within the Analytics Platform Engineering discipline.
  • Research emerging threats and adversary tactics, techniques, and procedures to understand the threat landscape and the implications on our analytics platform architecture and configurations to maintain good security posture.
  • Provide governance support for the analytics platforms such as platform management standards and change oversight.
  • Support budgeting work with analysis of analytics platform resource and licensing utilization and forecasted needs.
  • Occasional participation in evaluations of new platforms, technologies and methodologies pertaining to security monitoring.
  • Attend SCRUM and prioritization meetings to review and update deliverables.

 

 

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  1  0  0

Tags: Analytics AWS Azure CISA CISM CISSP Cloud Compliance DevOps Exabeam Firewalls GCP Governance IAM Intrusion detection Linux Malware MITRE ATT&CK Monitoring NetOps NIST PowerShell Python Risk management Scripting Scrum SIEM SOC Splunk Threat detection Vulnerability management

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.