Location: US, GA, Alpharetta
The Senior Security Engineer will understand a wide array of security processes and concepts. The Security Engineer will perform duties such as SIEM administration, IDS/IPS monitoring and analysis, network traffic analysis, log analysis, and prioritizing and differentiating between potential intrusion attempts and false alarms. This hands-on role requires deep technical knowledge of security technologies and a solid understanding of information security and networking.
You are great at:
• Providing subject matter expertise for all SIEM components and design.
• Providing guidance regarding the implementation of log sources for the SIEM environment.
• Analyzing a variety of security logs (SIEM reports, alerts and tickets; system, network, and security monitoring tools) to identify actionable events.
• Researching security advisories, e.g., from CERT, and delivering an appropriate course of action.
• Researching, analyzing, and understanding common and complex log sources.
• Participating in hunt missions, using threat intelligence and analysis of anomalous logs to detect and eradicate threat actors.
• Tracking threat actors, their tactics, techniques, and procedures (TTPs), and their associated Indicators of Compromise (IOCs).
• Capturing intelligence on threat actor TTPs/IOCs and coordinating with SecOps pods to develop countermeasures.
• Performing root cause analysis of security incidents to develop enhancements to existing alerting tools.
• Assisting in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
What it takes:
• 3-5 years SIEM experience that includes leading SIEM deployments and optimization.
• Minimum 2 years working experience with LogRhythm.
• BS in Computer Science, Cyber Security, Information Assurance, or Information Security preferred.
• Understands and can articulate how the SIEM platform and service provides value to the company.
• Experience in a large enterprise environment analyzing security event data for attack patterns and understanding attacker tactics.
• Experience in developing SIEM correlation rules to detect new threats beyond current capabilities.
• Working knowledge of threat intelligence: interpreting IOCs and translating them into SIEM alerting.
• Understanding of OSI layers, network protocols (IP, ICMP, TCP, UDP), network services (DNS, DHCP, HTTP), and routing protocols.
• Scripting skills (PowerShell, regular expressions, Lua).
• Experience with Windows, Unix, and Linux operating systems.
• Experience creating and refining metrics to articulate and measure program performance. Able to work independently and efficiently, as well as with others, to meet deadlines in a fast-paced environment.
• CISSP, GCIH, CISA, CISM, or other industry certifications preferred.
At OpenText we understand and value diversity in our employees and are proud to be an Equal Opportunity Employer. We hire the best talent regardless of race, creed, color, national origin, ancestry, disability, marital status, sex, age, veteran status or sexual orientation. If you require accommodation at any time during the recruitment process, please email firstname.lastname@example.org. Applicants have rights under Federal Employment Laws including, but not limited to, the Family and Medical Leave Act (FMLA), Equal Employment Opportunity, and the Employee Polygraph Protection Act.