Job Description:
Need USC or GC.

Onsite interview after the telephone interview.

Out-of-state candidates must be able to relocate to the Dallas, Texas area.

Location: Plano, TX

Job: Security: Network Security (SIEM Analyst)

Term: 1 year CT+ minimum (LONG TERM)

What I need to submit: last 5 SS & MMDD; NO LOGO ON RESUME.

SIEM Architect – Lead – TOP SKILLS

Reason for opening: This is not just part of a project; they want someone long term. This position is part of the Threat team. They will be working on upgrades, new features, implementations, defining roadmaps, and expanding programs.
- This person will need to be the point of escalation
- Work on incident response
- Splunk experience is preferred
- QRadar experience is preferred
- Need to hit the ground running; there is no time for training

Feedback from Carol on resumes she has seen so far: Candidates are lacking required skills and/or don't have enough experience. They DON'T want someone who is "willing to learn"; they need someone who is already experienced and can go to work on day 1.

Interview process: Phone interview, team F2F interview, final interview with Carol. They want to fill this role ASAP (top priority).

Notes from call with David:
Will be overseeing and managing tools such as:
- Security Information & Event Management (SIEM)
- Host and network based Intrusion Detection/Prevention Systems (IDS/IPS)
- Palo Alto firewalls are what they use, but it can be any kind
- L1/L3 triage
- McAfee antivirus (experience with any antivirus is okay, for example Symantec)

Hard requirements:
- Coding and scripting experience; they will need this for platform integrations, extracting certain forms of words/letters (experience with any of the following). Avoid web programming skills like PHP.
- RESTful APIs; looking for this to bring in integration points
- They do not want an architect; they need someone who is a hands-on engineer/analyst: someone who can troubleshoot, triage (L1-2), and act as SME for Threat Intelligence
- Enhancing existing platforms
- Identifying and containing incidents, remediating, and preventing future intrusions
- Evaluate new technology in their domain
- Survey landscapes and be able to select technologies
- Threat Intelligence experience: experience handling threat intelligence notifications
Certifications: not big on the Microsoft certs, but if they have CEH (Certified Ethical Hacker) or similar certs he would be interested in seeing them.

Must haves:
- A Bachelor's degree in Computer Science or Engineering, or equivalent experience
- Coding/scripting experience (e.g. Python, Perl, PowerShell)
- Proven experience with creating regular expressions
- Experience with RESTful APIs and automation
- 1 year of SIEM and NIDS/NIPS (Symantec and/or McAfee preferred) operational experience is required; must have implemented and managed the above technologies; must possess strong technical knowledge of architecture, system policies, rules, etc.
- Strong verbal and written communication skills; must be able to effectively communicate technical details and thoughts in non-technical/general terminology to various levels of management
- Work well in team environments with internal and external resources, as well as work independently on tasks
- Strong organizational, multi-tasking, and time management skills

Preferred/nice-to-haves:
- CISSP, CISA, CEH, OSCP, or other industry-recognized security certification(s)
- IBM QRadar implementation and/or management experience
- Palo Alto and/or McAfee NSM implementation and/or management experience
- 1 year of DLP, EDR, Next Generation Firewall, and/or Threat Intelligence administration experience; have used or implemented the above technologies in some capacity, understanding incident response, logging, analysis, policy drivers, rules, etc.

What are the key objectives for this resource (project summary)? The key objectives for this Threat Analyst position are to expand threat detection and prevention capabilities in existing and future security tools. The Analyst must be able to identify gaps in existing security configurations and provide effective recommendations to improve, remediate, and expand controls against cyber threats.

What specific TFS departments will they interact with? Information Security, IT, HR, Legal, etc.
How long is this project (please be specific)? Long term.

Responsibilities:
- Oversee and manage tools such as Security Information & Event Management (SIEM), host and network based Intrusion Detection/Prevention Systems (IDS/IPS), and other security applications
- Conduct analysis, troubleshooting, and trending of incidents/events detected from SIEM, IDS/IPS, and other security applications
- Create custom rules and modify existing rules, policies, alerts, etc. within the listed security applications based on stakeholder needs or situational conditions
- Conduct ongoing threat hunting exercises using available security applications
- Perform Level 2 & 3 triage and handling of security events (escalated from Level 1 Security Analysts or others); includes but is not limited to identification, containment, remediation, and reporting activities
- Create new and enhance existing procedures to improve operational efficiencies and reporting accuracy
- Develop detailed technical recommendations to solve current and future security issues; identify protection gaps and propose effective mitigating solutions
- Maintain awareness of emerging threats against financial and affiliate verticals to ensure data protection, system integrity, and network availability
- Evaluate, design, implement, and configure new security products and technologies
- Develop, review, and maintain documentation for security systems and procedures
- Expand the Threat Intelligence program through integration, automation, and enhanced workflows
- Analyze, evaluate, and communicate Threat Intelligence notifications to reduce risk exposures and to defend against cyber attacks