Senior Security Engineer - SIEM and UBEA
Bethesda, MD, United States
Applications have closed
Marriott International
Book Directly & Save at any of our 8000+ Marriott Bonvoy Hotels. Choose from Luxury Hotels, Resorts, Extended Stay Hotels, Pet-Friendly Hotels & More.We are seeking a highly skilled and experienced Senior SIEM and UEBA Engineer to join our cybersecurity operations team. The ideal candidate will have extensive experience in security architecture and engineering, with a strong focus on SIEM, UEBA platforms and log management. Responsibilities include design, implementation, and maintenance of SIEM, UEBA and log management systems. This role will provide engineering support for Insider Threat and Detection Engineering analytics teams to support development of threat detections.
CANDIDATE PROFILE
Education and Experience
Required:
- Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
- 3+ years of experience in:
- Security architecture and engineering experience on SIEM, UEBA, and log collection and management platforms.
- Scripting language experience (*nix shell scripting, Python, PowerShell, etc.) and regular expressions
- Linux and Microsoft operating systems (advanced knowledge)
- 5+ years of experience in some or all of the following:
- Experience working in (or with) security functions such as SOC, CIRT, security engineering, risk management, vulnerability management.
- Technical infrastructure operations, administration, or systems engineering
Preferred Skills/Experience:
- Current information security certification such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) or an equivalent.
- Splunk Certification, including Splunk Enterprise Security Certified Admin
- Cribl Certified Admin: Stream
- Working knowledge of the NIST Cyber Security Framework and ISO/IEC 27001:2022
- Working knowledge of the MITRE ATT&CK Framework
- Exabeam UEBA platform and Advanced Analytics administration
- Splunk Enterprise platform and Splunk Enterprise Security administration
- Hands on experience with logging implementations for services/assets in cloud service provider platforms (AWS, Azure, GCP)
- Familiarity with Identity and access management systems, firewalls, next-gen anti-malware, intrusion detection and prevention systems, proxies, reverse proxies, credential vaults, and database fundamentals.
- Knowledge of IP networking
- Solid written and verbal communication skills
Core Responsibilities
What You’ll be Doing:
- Designing, implementing, and maintaining the SIEM, UEBA, and log management systems.
- Implementing and maintaining data pipelines to analytics platforms to support threat detection with SIEM, UEBA, and other log collection and management tools.
- Working with Insider Threat, Detection Engineering, and other security analytics teams to support the development of threat detection analytics. This includes integrations, data onboarding, data normalization, and stack tuning, for SIEM and UEBA platforms. You’ll also collaborate with other security analytics teams to support data onboarding and other data management work for analytics development in Amazon Security Lake.
- Collaborating with stakeholders in Global Information Security, Enterprise Architecture and other IT teams on the development of procedures, standards, integration and operability patterns for logging and monitoring.
- Identifying and resolving escalated engineering-level analytics platform performance and functional problems for SIEM, UEBA, and log management systems.
- Collaborating with other teams such as Security Architecture, Security Engineering, Policy and Compliance, network operations teams, dev ops teams to ensure the security of our infrastructure through the application of security controls for SIEM, UEBA, and log management systems.
- Keeping pace with the latest security trends, threats, and technologies and making recommendations for improvements to our security posture.
- Providing technical guidance and mentoring to junior team members.
- Creating reports on analytics platform operations, documenting engineering processes, creating SOPs, and presenting findings and issues remediation plans to management and other stakeholders
- Provide direction and support for the development of platform metrics, dashboards, and reports for analytics platforms to support operational monitoring.
Additional Responsibility:
- Contribute to ongoing development and maintenance of documented standards, workflows, and best practices within the Analytics Platform Engineering discipline.
- Research emerging threats and adversary tactics, techniques, and procedures to understand the threat landscape and the implications on our analytics platform architecture and configurations to maintain good security posture.
- Provide governance support for the analytics platforms such as platform management standards and change oversight.
- Support budgeting work with analysis of analytics platform resource and licensing utilization and forecasted needs.
- Occasional participation in evaluations of new platforms, technologies and methodologies pertaining to security monitoring.
- Attend SCRUM and prioritization meetings to review and update deliverables.
The salary range for this position is $132,900 to $160,300 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus.
Washington Applicants Only: Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.
All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.
Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.
The application deadline for this position is 28 days after the date of this posting, October 8, 2024.
Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.
Tags: Analytics AWS Azure CISA CISM CISSP Cloud Compliance DevOps Exabeam Firewalls GCP Governance IAM Intrusion detection Linux Malware MITRE ATT&CK Monitoring NetOps NIST PowerShell Python Risk management Scripting Scrum SIEM SOC Splunk Threat detection Vulnerability management
Perks/benefits: Equity / stock options Flex hours Flexible spending account Flex vacation Health care Insurance Medical leave Parental leave Salary bonus
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.