Job Description:
Job Title: Information Security Engineer
Job Location: San Jose, CA 95131
12+ Months Contract
Job Description:
Client information security is looking for a candidate who will assist with the design, implementation, security and ongoing support of the cyber security tools and processes within their Global Information Security Team.
This position will work directly with teams inside and outside of GIS as part of our overarching data security strategy for corporate and marketplaces Threat Management and Response, Data Science, and GRC initiatives.
The ideal candidate will have a passion for cybersecurity, system monitoring and analysis, and developing/automating creative solutions. As a Security Engineer, you will be expected to be skilled at identifying security gaps in infrastructure and process, effectively execute projects/initiatives to address them, demonstrate excellent judgment, prioritization and communication of technical security risks, and act as a security liaison supporting business units.

Key Responsibilities may include:
Provide technical inputs, evaluate and recommend new and emerging security products and technologies
Defines security configurations for threat detection and prevention tools
Designs automated workflows to streamline security operations
Monitors and proactively manages supported products and services to assure their performance, availability, security, and capacity.
Researches, analyzes, and formulates recommendations regarding technologies, products, and solutions to fulfill requirements within the enterprise.
Security tool administration and support (Network/Endpoint/Threat Hunting/Investigations)
Tool deployment and implementation experience on a global scale
Splunk Admin and Architecture related tasks
Ability to debug configuration issues on different Splunk components
Understanding of Splunk configurations, dependencies, and forwarder management
Understands Splunk architecture and components (search head, deployment server, cluster master, indexers, forwarders (HF/UF))
Strong understanding of enterprise logging using syslog-ng, with a focus on security event logging
Knowledge of system and network architecture and interrelationships (technical and functional)
Designs, implements, configures, and manages solutions within the supported Linux technologies, products, and services.
Research and recommend innovative and automated approaches for operational tasks which leverage available resources and simplify operational overhead.
Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms
3 major components –
Splunk
Linux/Unix
Security
Recently working with Splunk
Who can do application add-on installation in Splunk
Create custom searches in Splunk
Create dashboards in Splunk
Do performance and capacity planning in Splunk
How to create and manage search heads, indexers and forwarders in Splunk
Person who will be a power user (not simply an end user)
Patch management
They use Salt for automated deployment – Salt experience will be a plus
Experienced with different security tools
Such as database security, malware, endpoint (Carbon Black)
Who can configure these also
Day to day and background:
They need someone with operations experience, not a developer or analyst.
Someone who started in a SOC (security as engineer)
This position is in the Eng/Ops group, not analyst responsibilities.
Day to day activities will involve creating Splunk indexers, updating search heads.
Monthly patch management of servers (Linux/Unix), 1000+
Basic Qualifications:
Minimum 8-10 years of experience in Security Administration
Minimum 3 years of experience in implementing and managing Splunk in a large scale environment
Must be well organized and able to leverage best practices, able to thrive in fast-paced environment, and, most importantly, have the ability to approach problems with an innovative, can-do attitude
Demonstrates the ability to analyze and resolve issues independently
Knowledge of project management tasks, experience creating application documentation, and demonstrated ability to train other team members.
Manage maintenance, enhancements and upgrades for supported security systems using standard project methodology
Scripting knowledge is a plus (python, shell)
Bachelor's degree preferred
Splunk certifications are a plus
Preference for at least one current recognized security professional certification such as CISSP, GIAC
Experience in working in a highly dynamic large scale enterprise
Knowledge of security vendors and security product capabilities
For global information system team at client
Senior-level engineer who has enterprise-level Splunk experience.
Well-rounded engineer
Well-rounded 10 yrs. of experience
3-5 yrs. Splunk experience
Multi-node and multi-site Splunk experience
Large cluster
Capacity plan
Architecture
Will be doing regular maintenance of the system
He should be administering the cluster and will make proposals for enhancing it.
Objective is to bring in a new data system, and this person will be the lead for the process.
The resumes received so far are lacking Splunk experience at enterprise level; most of them are mainly Splunk developers for small firms and small projects. They will not fly.
8-10 yrs. of security experience is what they will look for (with a large organization).
Professional Skill Requirements:
Good organizational, multi-tasking, and time-management skills
Ability to successfully pass a client background screening if required
Proven ability to work independently and as a team member
Good communication (written and oral) and interpersonal skills
Ability to work with multiple teams in a fast paced environment
Questions
Do you have experience in capacity planning for large clusters with data ingestion? The manager is looking for 1TB/day.
Do you have experience supporting a large cluster (multi-node/multi-site/Linux)? If so, how many nodes?
Do you have experience in administration of Splunk Enterprise Security, along with managing and administering data models, knowledge objects, etc.?
Are you comfortable leveraging partial features of a deployment server when combined with a declarative, version-controlled configuration management solution (Salt/Puppet, etc.)?
Are you familiar with API integrations, building your own?