Client ID: 298060
On behalf of our client in the Banking Sector, PROCOM is looking for a Security Specialist.
Security Specialist – Job Description
- Develop and implement SIEM use cases using Splunk Enterprise Security
- Thoroughly document implementations, via technical documentation and playbooks for the client
- Provide input and feedback for existing SIEM use cases, analyze and propose detection improvements
- Possess a firm understanding of the capabilities within Splunk, Splunk Enterprise Security.
- Design and drive technical plans toward security analytics management objectives such as: integration of events from cloud/on-prem platforms into the enterprise SIEM; implementation of use cases/policies; net-new security use case development to support Security Logging & Monitoring/UEBA; accounting for the effect of the evolving threat landscape on the overall set of existing security use cases.
- Categorize SIEM use cases using the MITRE ATT&CK framework, participate in Purple team testing and ensure successful implementation.
- Possess a solid understanding and have experience with systems automation platforms and technologies.
- Customer-facing role: walk stakeholders through the SIEM use case development process and implementation planning, including whiteboarding sessions
Security Specialist – Mandatory Skills
- 3-5 years' work experience in information security, cyber security, data protection or a related field
- Security Analytics and UBA (Splunk): 3+ years of experience in performing security event management, security information and event management and/or security analytics configuration and management, security use case development and tuning, operational management and administration.
- Working experience with security event management and security analytics operational governance and fundamental operational processes (intake of new log sources, on-boarding, use case management, etc.)
- Proven experience with the successful development and deployment of use cases correlating information from various heterogeneous security feeds/platforms (e.g. threat intel feeds, IOCs, EDR, APT intelligence, etc.)
- Experience with securing virtual, physical and cloud environments
- Proven expertise with Splunk Enterprise Security and Splunk User Behavior Analytics
- Working experience with one or more of the following technologies:
  - Optional: ArcSight, RSA, Securonix, QRadar or equivalent tools
- Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes.
- Experience and exposure to threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
- Knowledge of IT service management processes and concepts, including change management, incident management, problem management, and configuration management
- Knowledge of cybersecurity concepts, including threats, vulnerabilities, security operations, encryption, boundary defense, auditing, authentication, and risk management
- Strong interpersonal and communication skills; ability to work in a team environment
- Ability to work independently with minimal direction; self-starter/self-motivated
- An understanding of regulatory and controls requirements: PCI, FFIEC, SOX, HIPAA, ISO 2700x, NIST standards
- Professional Splunk Certification (Splunk Architect, Splunk Enterprise Security Admin)
- Professional IT security certification such as CISSP, SANS Certified Intrusion Analyst (GCIA), CEH, GSEC and/or CISM.
Security Specialist – Nice to Have Skills
- Preferred: Splunk, MS Azure Security Center (ASC), Microsoft Cloud App Security (MCAS), Amazon Web Services (security services, e.g. CloudTrail, CloudWatch)
- Splunk Enterprise Security Admin
- Previous financial institution (FI) experience
Security Specialist – Assignment Start Date
ASAP – 6 months to start
Security Specialist – Assignment Location
Toronto, ON – Work Remotely