SIEM Engineer

Preferred

Skills:

Prior experience engaging with State agencies/employees as clients

Responsibilities :

• Primary engineer managing SIEM platform with IBM QRadar and/or Palo Alto XSIAM and supporting delivery for Managed Security Services to a State Government client to provide timely, accurate, planned completion and implementation of security services, which must be available for 24x7x365 support.
• Leads primary day-to-day SIEM interactions with project team and State cybersecurity staff.
• Manages platform health, performs upgrades, including managing deployed sensors and collectors.
• Interacts with SOC analysts to tune alerts and use cases, to include integrations with client.
• Previous hands-on QRadar engineering and configuration experience required as system will be undergoing platform upgrades. Any Palo Alto XSIAM training
• Adding new log sources to existing QRadar and/or XSIAM, configure use cases, alerts, etc.
• Perform QVM scans
• Conduct Nessus SCSEM scans
• Triage scan finds, publish results, fine tune alerts
• Ensure software is developed to meet functional, non-functional, and compliance requirements.
• Code solutions and perform unit testing.
• Ensure the solution can be integrated successfully into the overall application/system with clear, robust, and well-tested interfaces.
• Perform troubleshooting, work through complex requirements/solutions, and provide assistance/coaching with the creation of QRadar search queries and dashboards.
• Provide engineering and administration in supporting complex and large Splunk environments consisting of search heads, indexers, deployment servers, heavy/universal forwarders, etc.
• Review and architect scalable and organized frameworks for security automation and orchestration and pre-investigation analysis and triage of alerts from various sources like detection pipelines, exploitable vulnerabilities and reports.
• Maintain strong partnership with Detection & Response leadership and other teams in Security Org