Security Operations Sr. Specialist for Risk & Security Analytics
ROU - Bucuresti - Bucuresti (Ana Tower)
Applications have closed
MSD
At MSD, we're following the science to tackle some of the world's greatest health threats. Get a glimpse of how we work to improve lives.
Job Description
We are seeking a Security Operations Sr. Specialist for Risk & Security Analytics with expertise in Platform Management to join our team. The role involves managing and optimizing the Microsoft Sentinel, Splunk, Cribl, and Anomali platforms. The ideal candidate will work closely with various teams, including engineering, SOC, L3 support, 24x7 support, business stakeholders, and vendors, to ensure the effective operation of our security platforms. This position is fully remote and requires availability during Romanian working hours.
Key Responsibilities:
- Platform Management: Oversee the management, health, and performance of Microsoft Sentinel, Splunk, Cribl, and Anomali platforms
- Collaboration with SOC Teams: Support SOC teams by ensuring the security platforms are fully operational, optimized, and able to deliver timely and accurate data for incident response.
- ITIL Process Management: Adhere to ITIL processes for change management, problem management, and service management related to the security platforms.
- Log management using Cribl: Ensure that all relevant log sources are ingested, optimized, and routed appropriately using Cribl to maximize visibility and performance within the SIEM platforms.
- Platform Tuning and Optimization: Regularly update, fine-tune, and optimize SIEM rules and policies in collaboration with the SOC and/or engineering teams to maintain system efficiency and reduce false positives.
- Threat Intelligence Integration with Anomali: Ensure that threat intelligence feeds from Anomali are properly integrated and maintained so that indicators are current and usable for detection and enrichment.
- Vendor Management: Collaborate with vendors for platform support, troubleshooting, and upgrades. Manage relationships to ensure timely resolution of issues and optimal platform performance.
- Service Availability and Maintenance: Oversee the regular maintenance, patching, and availability of security platforms, ensuring that they meet operational and business requirements.
- Reporting and Documentation: Generate reports and maintain documentation on platform performance, system changes, and operational tasks for internal stakeholders and management.
Qualifications:
- Proven experience (5+ years) in platform management, with hands-on experience using Microsoft Sentinel, Splunk, or other SIEM platforms.
- Experience with Cribl for log management and optimization, and Anomali for threat intelligence integration.
- Strong knowledge of ITIL processes, particularly change management, problem management, and service management.
- Ability to collaborate with cross-functional teams, including engineering, SOC, L3 support, 24x7 support, business stakeholders, and vendors.
- Cloud Security Experience (Azure, AWS, GCP) is a plus.
- Familiarity with SIEM performance optimization and automated workflows (e.g., Logic Apps, SOAR platforms).
- Certifications such as ITIL, CISSP, CEH, GCIH, or Microsoft Certified: Security, Compliance, and Identity Fundamentals are highly desired.
Preferred Skills:
- Proficiency in KQL for advanced search and analysis in Microsoft Sentinel
- Splunk SPL proficiency for advanced queries and reporting
- Expertise in Cribl for optimizing and routing log data to SIEM platforms.
- Experience in integrating and managing threat intelligence feeds with Anomali.
- Familiarity with ITIL-based service delivery and process management.
What we offer:
- A hybrid work environment
- Competitive salary and benefits package
- Opportunities for professional growth and further training
- A dynamic and supportive team environment, collaborating on the latest in security technologies.
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status: Regular
Relocation: Domestic
VISA Sponsorship: No
Travel Requirements: 10%
Flexible Work Arrangements: Hybrid
Shift: Not Indicated
Valid Driving License: No
Hazardous Material(s): n/a
Job Posting End Date: 11/1/2024
*A job posting is effective until 11:59:59 PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.