The SIEM Engineer III within the Monitoring and Response team contributes to a variety of global enterprise information security services in support of the Chief Security Officer. The Analyst III will have demonstrated in past roles the ability to work effectively with limited supervision on security-related tasks and projects, drive results, and build positive relationships with coworkers and customers (both internal and external), specifically in the areas of Security Information & Event Management, data analytics, creation of security-relevant dashboards and reports, event correlation, etc. This individual will have a key role in supporting one or more of the following enterprise security services:
- Information Security Monitoring & Analysis
- Information Security Incident Response
- Investigations & Digital Forensics
- Vulnerability & Exposure Management
- Insider Threat & Threat Intelligence
- Information Security Automation & Development
- Product Security
- Identity & Access Management

The incumbent will play a strong role in building and maintaining the infrastructure supporting the collection, correlation, and identification of indicators of malicious or inappropriate activity. This individual must have solid technical experience managing security-relevant data to facilitate intrusion detection, log analysis, and incident response. This role will require the individual to perform as an escalation path for events and incidents as required.
The SIEM Engineer III will collaborate closely with Security Engineering, Security Analysts, operational peers, and leadership stakeholders. The ideal candidate will have a strong interest in complex problem solving, the ability to challenge assumptions and consider alternative perspectives, think quickly and perform in high-stress situations, and operate well in a strong team environment.
Responsibilities:
- Support the global configuration, growth, and maintenance of the enterprise SIEM platform (on-premise and various public cloud provider environments)
- Onboard new data sources; analyze and parse them for CIM compliance
- Support the automation and improvement of the overall Information Security posture at Asurion
- Support development of SIEM program KPIs with Security Leadership
- Define and build an Information Security data retention lifecycle
- Support the vendor relationship; drive the direction of the SIEM program at Asurion
- Perform analysis and response to security-relevant alerts and events; serve as an escalation point for security-relevant alerts and events from junior analysts
- Interest and willingness to mentor junior team members
- Collect, assess, and report upon relevant threat intelligence / actionable security information, and modify tactical operations accordingly
- Identify business risk and advise appropriate business contacts as required to treat such risk
- Assist with executing remediation plans for any gaps reported in audits or recommended process improvements that affect core information security services
- Serve as a leader in the technical space who proactively seeks out new technical solutions, identifies gaps, understands risk-based prioritization within the greater Security & Risk function, etc.
- Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining professional networks; participating in professional organizations
- Perform other related duties as assigned in support of other Security & Risk program efforts

Requirements:
- BA or BS in Computer Science, Management Information Systems, Engineering, or a related field desirable; practical experience plus education and certifications may be considered
- MS in Computer Science, Information Systems, Engineering, or a related field desired
- Ideally, 3+ years of progressive experience in computing, Splunk architecture, Splunk engineering, and administration (HEC, UA, content development, props, transforms, extractions, dashboarding, etc.)
- Other relevant experience considered in comparable SIEM tools (LogLogic, ArcSight, QRadar, ELK, etc.), with a strong desire for experience in log bus solutions (e.g. Kafka)
- Documented understanding of core network protocols (TCP/IP, ICMP, DHCP, DNS, etc.)
- Familiarity with common programming languages desirable (Python, Java, C#, PowerShell, etc.)
- Splunk certifications desirable (Certified Admin, Certified Architect, Enterprise Security Certified Admin, etc.)
- Extensive knowledge of a Linux environment, including editing and maintaining Splunk configuration files and applications
- The ability to operate under ambiguous circumstances, address uncomfortable issues, and leverage data to make informed decisions
- Excellent communication (oral, written, presentation), interpersonal, and consultative skills are required.
- This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
For two decades, Asurion has led the technology protection industry around the globe. The Company provides premier support solutions to enable optimum use of technology; digital applications that protect customers' privacy and provide security; and rapid replacement of lost, stolen, damaged, or malfunctioning devices. Asurion partners with the leading wireless companies, retailers, and service providers, enabling them to focus on their businesses and to provide services that delight their customers. Asurion's 16,000+ employees worldwide specialize in fulfilling the needs of more than 280 million consumers.
We value open source technologies, solve challenging and unique problems, and innovate quickly. We embrace continuous delivery and Lean Startup principles. We encourage creativity from our architects and engineers every step of the way, working with various teams including product, user experience, call center operations, mobile and systems. Our teams are small enough to make fast decisions, yet our audience is large enough that our work makes a tremendous impact.