Security Analytics Engineer - job id 31307


Your Way To Work™

Security Analytics Engineer

$$

Downtown, NYC - Financial District



How to Apply

logo

Maxim Nikouline


logo

(646) 876-9538


logo

(212) 616-4800 ext-190




A Contract position at a preeminent global financial services firm.

Pay Options: IC - Self Incorporated or w2.

Contact Maxim call (646) 876-9538 / (212) 616-4800 ext.190 or email max@sans.com with the Job Code MN31307 or Click the Apply Now button ().

Location: Downtown, NYC - Financial District.

Skills required for the position: SPLUNK, SIEM, DATA MODELING, PYTHON, PERL, SYSTEM ADMINISTRATION, LINUX, SECURITY.


Detailed Info: This role seeks someone who can provide the highest level of security consultancy and engineering oversight of our Security Analytics platforms. Work with global colleagues from both internal and external teams throughout the organization to provide solutions via ongoing communications and consistent processes. Onboard and cleanse data sources using CIM(Common Information Model) best practices for field extraction and Splunk Data Model optimizations. Complete environment tooling, configuration, build, and documentation tasks with a focus on quality and ongoing platform supportability. Provide support for production platforms through health monitoring and root cause troubleshooting. Develop tools to automate/improve existing processes and procedures in areas such as configuration management and runtime tooling. Assist in the design, architecture and implementation of Security Analytics infrastructure with a focus on a wide variety of areas spanning: performance analysis, platform optimization, monitoring/metrics gathering to facilitate reporting/tuning, upgrades, process management, capacity planning, and relevant documentation using the Firm's tools in a fashion consistent with existing policies and procedures. Participate in technology evaluations and play an active role in suggesting improvements based on technology trends, best practices, and industry standards.

Development/Computing Environment: Customer-focused Splunk Enterprise Security SIEM engineering background - SME knowledge of ES v4.7. Direct experience with Splunk Engineering and data integration. Prior SIEM data modelling experience on similar platform at scale (>50 servers). Scripting and development skills in Python/Perl with deep comprehension of regular expressions. Broad Linux/*nix Systems Administration experience. Exceptional communication/interpersonal abilities as a flexible, self-driven team member. Strong task management and organizational skills to insure balance and timely completion of ongoing efforts. General networking and security knowledge in areas such as Firewalls, TCP/UDP, Routing/Switching, DNS, NAT, Packet Tracing and Analysis, etc. Ability to demonstrate broad exposure to various technologies - Preferably in a global environment in the finance industry or an industry at a similar scale. Desired Skills: Splunk Enterprise platform integration and deployment experience. Big Data experience with tools such as Kafka, NiFi, Storm, Grok, Parquet, Spark, HDFS. Familiarity with key security events on common platforms. Knowledge or experience with security areas such as Indicators of Compromise (IoC). Industry certifications such as CISSP, SANS, CeH, etc. SDLC experience using systems such as JIRA and Git/SVN. Familiarity with DevOps style content management platforms such as Ansible/Puppet/Chef. Experience authoring security policy and security best practice documentation..

The position offers competitive rate.


Job Id: 31307