Cybersecurity Engineer Lead

The Cybersecurity Engineer Lead will foster the development of the engineering team’s detection engineering and threat hunting services performed by Sherwin-William’s Cybersecurity Operations Center (CSOC). This team is responsible for creating and tuning high-fidelity detections for the company’s CSOC using our Security Information and Event Monitoring (SIEM) tool and various data sources.

This candidate is responsible for Detection Engineering, Threat Hunting, and Security Monitoring programs. Your primary focus is to create and tune detections and alerts that safeguard sensitive information from unauthorized access or harm caused by cybercriminals or malicious insiders. Assignments at this level will focus primarily on SIEM and Security Orchestration and Automated Response (SOAR) technologies that support the Cyber Department. Typically working alongside IT departments, business stakeholders, and cybersecurity engineers. This role reports directly to the CSOC manager.

• Lead customization, alerting, tuning, and automation solutions for our SIEM/SOAR platform.
• Configure SIEM detections and event data quality to maximize SIEM alert efficiency.
• Create and tune UEBA and anomaly-based detections.
• Lead development of SOPs for performing lead-driven and leadless hunts. Adjusting processes and procedures to ensure continuous improvement.
• Assist management in defining roles and responsibilities for threat hunting team.
• Lead monitoring of perimeter, host environment, network traffic, access and identity, applications, physical environment, cloud, and OT data sources.
• Provide early and real-time alerts of intrusions, exfiltration, malware, and anomalies
• Support the ingestion and management of various data sources.
• Work with SIEM partners to create and enhance dashboards.
• Occasionally perform investigation and triage of events and incidents. Escalate according to established playbooks in support of Incident Response process.

This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.

This position has a hybrid work schedule with three days in the office and the option for working remotely two days.

Job duties include contact with other employees and access confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. The 
Company therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company’s staff, employees, and business relationships.

Formal Education & Certification

Bachelor’s degree (or foreign equivalent) in a Computer Science, Computer Engineering, or Information Technology field of study (e.g., Information Technology, Electronics and Instrumentation Engineering, Computer Systems Management, Mathematics) or equivalent experience.

Knowledge & Experience

• 8+ years IT experience.
• 5+ years of experience Working within a Cybersecurity team.
• Experience with creating and tuning detection rules in Splunk or Sumo Logic.
  • Understanding of various operating systems (z/OS, Window, UNIX, Linux, AIX, etc.).
  • Understanding of log ingestion and complex data sources.

Preferred Experience

• SIEM/SOAR solutions, such as Splunk and Sumo Logic.
• Security Operations Center (SOC) or working with a MSSP.
• Threat Intelligence Platform (TIP) and integrating into a SIEM solution.
• User and Entity Behavior Analytics (UEBA) or anomaly-based detections.
• Virtualization and container application technologies such as VMWare and Docker.
• Leading lead-driven and leadless hunts.
• Identifying and implementing solutions to complex business problems.
• Project Management.
• Scripting and automation.
• Utilize key performance indicators to track log source availability.

Personal Attributes

• Strong analytical, conceptual, and problem-solving abilities.
• Strong written and oral communication skills.
• Strong presentation and interpersonal skills.
• Ability to conduct research into database issues, standards, and products.
• Ability to present ideas in user-friendly language.
• Able to prioritize and execute tasks in a high-pressure environment.
• Ability to work in a team-oriented, collaborative environment.
• Strong commitment to inclusion and diversity.
• Curiosity and willingness to learn about systems, tools, and networking.
• Ability to step in and lead others in the absence of direction.
• Hybrid on-site and remote work
• Work outside the standard office 7.5-hour workday may occasionally be required as well as willingness to be on-call option for after-hours support.
• Minimal travel is required.

Here, we believe there’s not one path to success, we believe in careers that grow with you. Whoever you are or wherever you come from in the world, there’s a place for you at Sherwin-Williams. We provide you with the opportunity to explore your curiosity and drive us forward. Sherwin-Williams values the unique talents and abilities from all backgrounds and characteristics. All qualified individuals are encouraged to apply, including individuals with disabilities and Protected Veterans. We’ll give you the space to share your strengths and we want you show us what you can do. You can innovate, grow and discover in a place where you can thrive and Let Your Colors Show!  At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/. Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee. Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable federal, state, and local laws including with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act where applicable. Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract. As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans. Please be aware, Sherwin-Williams recruiting team members will never request a candidate to provide a payment, ask for financial information, or sensitive personal information like national identification numbers, date of birth, or bank account numbers during the application process.