McKessonposted 8 days ago
$116,700 - $194,500/Yr
Richmond, VA
Merchant Wholesalers, Nondurable Goods
About the position
McKesson's Senior Security Analytics and Automation Engineer will be a key member of McKesson's global Information Security and Risk Management (ISRM) team responsible for delivering actionable insights within security and risk analytics platforms. This individual will be the subject matter expert for Security Analytics and will be responsible for the architecture, operation and support of SIEM, SOAR and related technologies.
Responsibilities
- Design, implement, and support SIEM, SOAR solutions in a highly available, redundant, distributed computing environment for a global organization.
- Perform SIEM component configuration and troubleshooting across a variety of platforms both on-premises and in public clouds.
- Integrate data sources into SIEM from on-premises and cloud deployed devices and applications.
- Develop SIEM content and support other content developers using your expert knowledge.
- Monitor internal data sources to identify and resolve potential performance issues.
- Automate frequently used process and workflows with SOAR related technologies.
- Maintain technical documentation and design documents related to system configurations, processes, and operational procedures.
Requirements
- Requires 5+ years of relevant work experience.
- BS/BA degree or equivalent experience.
- 3+ years of IT experience in a technical position as an engineer, architect or system administrator within a large-scale mission critical enterprise environment.
- 3+ years of direct hands-on experience administration or support of SIEM solutions.
- Experience deploying, configuring and maintaining a SIEM at scale.
- Experience writing complex queries for dashboards, reports and apps.
- Experience automating repetitive and error prone operations with scripting languages.
- Working knowledge of enterprise architecture, infrastructure components and design.
- Experience working in an Agile environment using Scrum or Kanban methods.
- Team oriented with great communication and interpersonal skills.
- Ability to work on all aspects of large-scale projects including planning, prioritizing, executing, delivering, and sustaining.
Nice-to-haves
- Experience creating security detections for Splunk Enterprise Security or other correlation.
- Proficiency with Linux platforms, including shell scripting. Red Hat preferred.
- Experience with cloud platforms such as Microsoft Azure and GCP.
- Experience with additional logging/data broker ETL technologies such Kafka or Cribl.
- Certified Splunk Power User or Administrator, CISSP certification preferred.
- Working knowledge of machine learning and UEBA concepts.
Benefits
- Competitive compensation package including base pay and potential bonuses.
- Total Rewards package that includes various benefits.
