Sr Systems Administrator - Security

Job Overview
Job Order: JO00019899
Date Posted: Jan 5
Category: 3 - Information Technology (I/T)
Metro Area:

SIEM / Data Visualization
• Maintain infrastructure supporting the security incident event management (SIEM) solution.
• Develop and enable integrations between security controls and data enrichment sources to provide SIEM with additional security-focused data for analysis, review, and escalation.
• Troubleshoot and tune security monitoring devices to improve event correlation and performance.
• Work with leadership to develop relevant metrics, dashboards, and reports on the overall health and effectiveness of the cybersecurity operations team.

Incident Management / Response
• Develop and maintain incident management platform.
• Create filters, data monitors, dashboards, and reports within case management and monitoring solutions for use by various audiences.
• Perform analysis of escalations from analysts and work to identify process changes and/or automation to increase the efficiency of incident response.
• Develop and update procedures, and configure tools for security analysts to use.
• Handle high and critical severity incidents as described in the incident response plan documentation.
• Work with L1/L2 analysts and system owners to contain intrusions and recover compromised systems.

• Continuous review of the capabilities and configuration of existing security stack managed by Cybersecurity Operations team.
• Design, develop, and implement technical solutions to mitigate security risks.
• Create and maintain security policies, standards and procedures for the Cybersecurity Operations team.
• Lead internal and third-party penetration testing exercises and provide analysis and recommendations of results.
• Provide analysis of new security technologies and their applicability to our environment.

• Bachelor’s Degree, or regional equivalent education required, preferably in a related discipline, such as Cybersecurity, Information Systems, or Computer Science
• SANS training a plus
• Additional cybersecurity-focused certifications are a plus (ex. Security+, GSEC, GMON, GDSA, GCDA, CISSP)
• 2-6 years related professional experience
• CrowdStrike CCFA/CCFR a plus
• Elastic Engineer I/II a plus
Language Skills
• English (fluency in reading, writing and speaking)
Additional skills
• Experience with PowerShell / Python scripting for automation and integration
• Strong experience managing cases with enterprise SIEM systems
o Experience using the Elastic stack preferred
o Experience using TheHive is a plus
• Experience with host and network-based security tools desired
o Experience with identity-based security tools a plus
• Experience with developing security policies, standards, and procedures
o Experience using event escalation and reporting procedures a plus
• Knowledge and understanding of diverse platforms and operating systems, including current and emerging technologies
• Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies
• Knowledge of cyberattack techniques and tools
• Ability to learn and operate in a dynamic environment
• Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
• Strong oral and written communication skills
• Ability to manage multiple complex tasks simultaneously and to bring activities to closure
• Familiarity with global regulations as well as common IT frameworks and standards (ex. NIST)