Optiv Security Security Analytics Content Developer (DEVO) | Managed Detection Response | Remote, USA - 9b0c9b4e-8f95-4bb1-bcc8-fd4d538 in Kansas City, Kansas
This job was posted by https://www.kansasworks.com : For more information, please see: https://www.kansasworks.com/ada/r/jobs/11641411 At Optiv, we're on a mission to help our clients make their businesses more secure. We're one of the fastest growing companies in a truly essential industry.
In your role at Optiv, you'll be inspired by a team of the brightest business and technical minds in cybersecurity. We are passionate champions for our clients, and know from experience that the best solutions for our clients' needs come from working hard together. As part of our team, your voice matters, and you will do important work that has impact, on people, businesses and nations. Our industry and our company move fast, and you can be sure that you will always have room to learn and grow. We're proud of our team and the important work we do to build confidence for a more connected world.
The Optiv Security Analytics Content Developer will be dedicated to developing, deploying, and maintaining Optiv standard content for MSS client Splunk Enterprise Security platforms. In addition, as information grows exponentially and as the sources and types of data become more complicated, analysts must know the latest strategies and tools to help the business leverage that data for increased profitability and growth as well as security. The employee will be responsible for the creation of procedures, implementation of processes and development of staff for managing and maintaining security systems across internal and client environments. Experience and knowledge of SIEM or Situational Awareness are essential. The Content Developer will work closely with Management, Senior Engineers, Solution Architects, and Senior Security Engineers from other internal teams and clients to complete high-profile, critical services to existing Managed Security Service clients. Serve as a primary responder for Managed Security customer systems, taking ownership of client configuration issues and tracking them through resolution. Build data pipelines to automate batch and real-time data delivery through StreamSets' streaming data platform to data lakes, warehouses, and analytical and machine learning applications.
How you'll make an impact:
+ Act as a point of escalation for other Engineers (Analysts at all levels) and provide guidance and mentoring.
+ Assist with client transition and onboarding; serve as primary point of contact for Managed Security Service clients.
+ This will require documentation of Account Governance processes and responsibility for report generation and notification to senior leadership about potential client Service Level Agreement (SLA) issues.
+ Explain and demonstrate how to use Devo products to both technical and relatively non-technical personnel.
+ Provide remote consulting services via interactive client sessions to assist with implementation of multiple product vendors and technologies.
+ Implement and configure Devo and appliance-based products in large enterprise and Government environments.
+ Develop and deploy Devo content and reporting.
+ Provide escalation support to Tier 1 and 2 for Authorized Support Customers, following processes and interacting appropriately with both customers and partners when required.
+ Perform knowledge transfers and train clients regarding security and system configuration.
Qualifications for success:
+ 3+ years professional experience managing and maintaining SIEM systems.
+ 2-3 years professional experience working with networks and network architecture.
+ 1+ year professional experience writing SIEM content specifically for Devo.
+ Ability to deal confidently with complex technical problems
+ Expert-level knowledge of Devo
+ Experience with building intricate searches from disparate data sources and joining them together.
+ Proficient with managing Unix, Linux, and Windows operating systems
+ Strong experience with writing complex regular expressions (regex) to extract fields from both structured and unstructured data.
+ Experience with extracting fields, multi-value fields, tags, field aliases, etc.
+ Well-versed in building threat detections (correlation rules) using security logs to detect malicious activity with high fidelity
+ In-depth knowledge of security logging for Linux, Windows, major EDRs, Firewalls, & Active Directory
+ Experience with installing and configuring Splunk Devo and required modules
+ The ability to aggregate and analyze logs from various deployed security devices.
+ Experience with configuring and/or working with Devo.
+ Experience with creating parsers, dashboards, reports, and alerts (not including the default ones that come with Devo).
+ Shift flexibility, including the ability to provide on call support when needed
Desired qualifications:
+ Experience working with internal and client ticketing and knowledge base systems for incident and problem tracking as well as procedures (e.g., Jira, Confluence).
+ General security knowledge (GIAC, CISSP, CCSE, CISA, HBSS, NSA, CEH, Cisco Security, Security+, or other security certifications).