As a Security Analytics Engineer you'll work closely with all of the security teams, as well as data owners globally, to curate additional context for the large data sets within the security log lake. You'll identify gaps in data sources that we collect from but do not currently leverage as part of our monitoring posture within security operations, and propose solutions. Using your background in data engineering and analytics, you will help guide the security team in onboarding additional data to drive better decisions.
Responsibilities will include:
- Define & support a framework to document the data sources within the security data lake
- Create and implement a process to drive new data source onboarding and identify security events in the new log stream
- Design, build, and support data models using both real-time and historical analysis approaches to support the SOC team
- Create visualizations and reports to effectively convey the information discovered through data analysis to drive downstream incident discovery
- Work closely with the security operations team to understand questions and challenges you can help solve using data science analysis methodologies
- Drive continuous improvement in incident detection by leveraging all available detection methods and log sources, and work with the Cyber Security Center (CSC) and Managed Security Services (MSS) SOC team to implement incident detection in the SIEM
- Evaluate existing detection technologies and methodologies for completeness of implementation and close any implementation gaps
- Identify gaps in detection technologies and methodologies and drive the functionality roadmap to improve the security posture
- Recommend and/or design security controls to remediate or mitigate identified risks
- Collaborate with CIS Governance & Program Management by providing technical guidance and risk analysis to support the development of effective security policies and the review of CIS policy exceptions
- Current hands-on experience working with the ELK stack, Kafka, Kibana and ArcSight
- Experience architecting, deploying and integrating enterprise data with a cloud-based data lake and other Hadoop, MapReduce, Kafka and Spark data streaming services
- Event Logging, monitoring, data enrichment and correlation experience
- Experience building and using AI and Machine learning capabilities
- Strong understanding of security incident management, malware management and vulnerability management processes and ability to leverage vulnerability and threat intelligence to enrich/correlate security log events
- Understanding of concepts such as anomaly detection vs signature detection or threat modeling
- Understanding of public cloud, private cloud and virtualization technologies and security controls for the same
- Knowledge of network security, endpoint security, authentication, and encryption technologies/concepts
- Understanding of security & auditing/logging for applications, Compute platforms (Unix/Linux, Windows, Mainframe, Databases), Storage platforms, Network infrastructure and perimeter security technologies
- Understanding of networking concepts (e.g. VLANs, firewalls, DNS, load balancing, TCP/UDP, NAT)
- Understanding of authentication (e.g. LDAP/AD, OAuth, SAML, HTTP Basic)
- Secure System Configurations
- SANS GIAC Certification (e.g., GPEN, GWAPT, GXPN, GMON, GCIP)
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
If you would like to request a reasonable accommodation, such as the modification or adjustment of the job application process or interviewing process due to a disability, please call 888 472-3411 or email accommodation@teksystems.com for other accommodation options.