The Protect Analytics Engineering (PAE) team is responsible for managing the enterprise SIEM and related cyber analytics systems (Splunk, Sentinel, CRIBL) and for providing technical guidance and direction.
We are looking for someone with a strong IT security engineering mindset to develop and maintain technical solutions around security analytics platforms, with a focus on meeting business requirements.
As a member of the PAE team, you will perform engineering tasks related to the administration and management of the Splunk, Microsoft Sentinel and CRIBL platforms and the associated system maintenance workflows.
Work collaboratively with the Protect Platform teams as they ingest the data needed for security use cases, dashboards and report creation.
Work with the senior engineers to plan the strategic roadmap for analytics technologies in coordination with the business aspects of PADE (Protect Analytics, Data & Engineering).
Provide L3 support when needed by the L2 teams.
Ensure capacity planning and currency uplifts are planned and executed.
Think creatively to discover automation opportunities.
Support security logging and monitoring in Public Cloud.
Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
Adhere to a strong technology risk management culture.
Strong administrative knowledge of Security Information and Event Management (SIEM) tools including Splunk and Microsoft Sentinel.
Operational experience in managing Splunk and Microsoft Sentinel in a large organization.
Good knowledge of technology risk, security, and controls.
Good consultation and communication skills.
Demonstrated ability to participate and contribute ideas in complex, comprehensive or large projects and initiatives.
Strong partnership skills with the ability to collaborate with team members and other lines of business.
Good written and oral communication skills, with the ability to articulate and present information to all levels of technical staff and stakeholders.
Hands-on administration of Splunk Enterprise Security (ES) or Splunk ITSI is an advantage.
University Degree.
Security+ or equivalent security certification required.
Azure certification and/or Splunk certification required.
CISSP, CRISC, OSCP, CCSP or CISM is a benefit.