Thermo Fisher Scientific - Frederick, MD

posted about 1 month ago

Full-time - Mid Level
Frederick, MD
10,001+ employees
Computer and Electronic Product Manufacturing

About the position

As a SIEM Engineer at Thermo Fisher Scientific, you will be responsible for enabling cybersecurity response within the Corporate Infrastructure & Security (CIS) team. This role involves building and maintaining cybersecurity audit log delivery pipelines, developing searches, alerts, and dashboards within a cloud SIEM environment, and collaborating with Cybersecurity Operations to proactively identify and respond to potential threats.

Responsibilities

  • Map out and maintain audit log collection, transformation, and delivery to cloud SIEM and/or data lakes for long-term retention and regulatory compliance.
  • Build sophisticated search queries to find vital log activity and dynamically join diverse datasets together to present patterns of activity.
  • Develop new alerting mechanisms tailored to the security landscape within the SIEM platform.
  • Build insightful dashboards that provide clear visualizations of security metrics.
  • Support a large AWS cloud environment of Unix systems running the log collection backbone.
  • Liaise with SOC analysts, security engineers, and incident responders to understand critical processes and craft effective automations.
  • Ensure documentation and processes are well defined so that the engineered solutions are understood and repeatable.
  • Ensure solutions are well built, backed up & restore tested, and consistently maintained for health.

Requirements

  • Bachelor's Degree in cybersecurity, computer science, systems engineering, or related field, or equivalent work experience.
  • 2+ years of experience in a security engineering role with a focus on Splunk Cloud engineering and development.
  • Experience maintaining Splunk forwarders, fleets of apps and add-ons, handling configuration and version upgrades.
  • 2+ years of experience managing Splunk Enterprise Security development and tuning.
  • Experience developing RBA use-cases, data normalization, and assets & identities configuration.
  • At least two years' experience in AWS/cloud-native platforms.
  • In-depth knowledge of SOAR platforms (Splunk SOAR/Phantom, Palo Alto XSOAR, Swimlane, etc.).
  • Strong scripting skills in Python or other relevant languages.
  • Understanding of network security protocols, threat intelligence sources, and incident response methodologies.

Nice-to-haves

  • Certifications such as Splunk Cloud Certified Admin, Splunk Enterprise Security Certified Admin, AWS Solutions Architect, AWS Cloud Security Engineer.