SIEM Engineer

    Posting Number: 2018-4600
    Posted Date: 6/1/2018 4:23 PM
    Location: US-NY-New York
    Security Operations
    NYU IT (WS1170)
    Compensation Grade: Band 53
Position Summary

    We are seeking a SIEM Engineer to join the Security Operations Center (SOC) in NYU IT’s Office of Information Security (OIS). The successful candidate will be immersed in the day-to-day operations of the SOC. In cooperation with the team, the candidate will use their experience and observations to initiate, design, develop, implement and test data-focused security intelligence solutions. Ultimately, the goal of this role is to enhance monitoring and incident response capabilities through the use of Splunk Enterprise Security (ES) as the SIEM. OIS’s SIEM implementation is in its early stages, so this is an opportunity not only to contribute to operational excellence but also to guide an exciting effort from the beginning. The candidate should have a strong understanding of optimal SIEM operation and data source requirements, and should demonstrate a clear understanding of security operations, incident handling, practical networking, systems administration, firewall management, and general information technology concepts. This position reports to the Senior Manager of Security Operations.


    Required Education:
    Bachelor’s Degree in Computer Science, Information Technology or Information Security.

    Preferred Education:
    Post-baccalaureate education, professional development and/or certification programs

    Required Experience:
    3-5 years information security operations, data analysis, and/or related IT operational functions

    Preferred Experience:
    3+ years using Splunk and/or Splunk ES

    Required Skills, Knowledge and Abilities:
    • Proven ability to support large-scale Splunk or similar event logging solutions (ArcSight, QRadar, LogRhythm, ESM…)
    • Expertise in application monitoring and event log management
    • Extensive experience creating alerts, dashboards, and reports
    • Demonstrated ability to extract meaningful events from operating system, database, application and security platform data
    • Understanding of Unix/Linux and Windows operating systems
    • Certification in one or more of:
      o Splunk Enterprise
      o Splunk Enterprise Security
      o Threat Intelligence
      o Intrusion Detection or Response
      o Security Monitoring
    • Demonstrable expert knowledge of Splunk best practices, security operations, workflows and processes
    • Demonstrable experience creating, designing and maintaining tools written in at least one major language: Python, Ruby, Java, Perl, etc.
    • Experience working with APIs and custom scripting solutions to solve unique institutional problems
    • Excellent written and verbal communication skills, including the ability to explain impacts and strategies to business representatives when necessary

    Preferred Skills, Knowledge and Abilities:
    • Data analysis and visualization background; experience telling stories with data in a professional or academic setting
    • Demonstrable knowledge of databases and data storage concepts
    • Understanding of Splunk ES information modelling concepts
    • Experience with machine learning concepts, packet analysis, and reverse engineering algorithms

    Additional Information

    EOE/AA/Minorities/Females/Vet/Disabled/Sexual Orientation/Gender Identity

