Senior Threat Detection & Response / SIEM Consultant - Secureworks - Remote
Austin, Texas | Job ID R038485 | Date posted Oct. 05, 2019
Secureworks® (NASDAQ: SCWX) is a technology-driven cybersecurity leader that protects organizations in the digitally connected world. Built on proprietary technologies and world-class threat intelligence, our applications and solutions help prevent, detect, and respond to cyber threats. Red Cloak™ software brings advanced threat analytics to thousands of customers, and the Secureworks Counter Threat Platform™ processes over 300B threat events per day. We understand complex security environments and are passionate about simplifying security with Defense in Concert™ so that security becomes a business enabler. More than 4,000 customers across over 50 countries are protected by Secureworks, benefit from our network effect and are Collectively Smarter. Exponentially Safer.™ www.secureworks.com
We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.
The Senior TDR/SIEM Consultant will lead Threat Detection & Response (TDR) Professional Services consulting engagements focused on the design, development and implementation of Red Cloak TDR-based solutions for large and mid-size enterprise organizations. This individual will provide clients with architecture and design plans to support the implementation and operation of the Secureworks Red Cloak TDR application and other SIEM and SOAR platforms, using industry-standard best practices. This person will design security program solutions that accommodate client and service-related growth plans while maintaining a balance between performance, flexibility and stability. The role includes responsibility for managing customer expectations, assisting clients with onboarding data into Red Cloak TDR, supporting projects for multiple clients (including multi-site/distributed installations), and assisting with the development of plans and advanced reports to meet the requirements of key stakeholders. You will also be responsible for conducting research in areas driven by customer use cases, and for architecting and supporting other vendor products/solutions that may be used to configure and deploy enterprise security programs/solutions for our clients. This individual will also assist with the creation of procedures, the implementation of processes and the development of plans for managing and maintaining security solution deployments in client environments (both in the cloud and on-premises). The Senior TDR/SIEM Consultant will work closely with Management, other Consultants, Solution Architects, Security Engineers, and clients to deliver critical TDR Professional Services and will serve as a subject matter expert and technical consulting lead for Red Cloak TDR Professional Services engagements.
- Engineer, configure, & deploy Threat Detection & Response and similar SIEM and SOAR solutions as well as related Apps and Add-ons for client engagements.
- Lead the technical aspects of Threat Detection & Response Professional Services engagements
- Work closely with Sales, Management, Service Delivery and other teams in defining processes and procedures for TDR Professional Services projects.
- Guide the design, development, and review of complex TDR solutions, including SIEM and SOAR security content (e.g., correlation rules, reports, dashboards).
- Analyze and identify areas of improvement with existing TDR-related security operations processes, procedures and documentation.
- Assist in the development of internal training methods to support TDR Professional Services capability development.
- Act as a TDR subject matter expert for other team members and provide guidance and mentoring on TDR, SIEM and SOAR solutions.
- Assist with client transition and onboarding and serve as a primary SME point of contact for TDR and SIEM-related services.
- Define, explain and demonstrate how to use TDR, SIEM and SOAR solutions to both technical and relatively non-technical personnel.
- Provide remote consulting services via interactive client sessions to assist with implementation of multiple SIEM and/or SOAR technologies.
- Lead the implementation of Secureworks Red Cloak TDR and related SIEM and SOAR software products for clients in large enterprise environments
- Recommend, test, tune and implement TDR, SIEM and SOAR correlation rules
- Identify and tune out false positives in alerting, and define processes and procedures for performing incident response, triage, incident analysis and remediation tasks
- Provide hands-on technical support for the migration of SIEM rules from one SIEM platform to another
- Create, modify, and update threat detection and response correlation rules, reports and dashboards for SIEM solutions (primarily Splunk)
- Interact with clients that leverage SIEM and other tools to provide guidance on threat detection & response best practices
- Work with our internal Managed SIEM Services teams and Client POCs to develop TDR incident response plans, triage guidance, incident analysis and remediation guidance, as necessary
As a managed security provider, Secureworks expects its employees to understand and apply commonly known security practices and to possess a working knowledge of applicable industry controls such as NIST SP 800-53. Employees will be expected to acknowledge their security responsibilities in writing prior to gaining access to company systems. Employees will be required to maintain a working knowledge of local security policies and to execute general controls as assigned.
- Minimum of 8 years of IT security operations experience
- Minimum of 5 years of experience architecting and developing SIEM solutions in a large enterprise environment (Splunk preferred)
- Minimum of 2 years of hands-on experience developing advanced threat detection use cases for a SIEM platform
- Prior consulting or customer-facing support experience highly preferred
- Splunk Administrator or Splunk Architect Certification highly preferred
- Prior experience with Splunk ES is highly preferred
- Prior experience as a Splunk administrator or administrator of another SIEM platform
- Splunk Search Processing Language (SPL) experience
- CISSP, CEH, SANS GIAC series and/or other certifications that demonstrate a commitment to continuous professional development
- Prior experience developing use case content in Splunk (e.g., development of correlation searches/rules, reports, dashboards and/or apps and add-ons for Splunk)
- Knowledge of SIEM "best practices"
- Prior experience with one or more of the following SIEM platforms: Splunk, QRadar, ArcSight, McAfee ESM, LogRhythm, or RSA NetWitness
- Excellent presentation and communication skills (must be able to clearly explain and articulate complex subjects in a way that can be understood by less technical or non-technical audiences, both in writing and during live presentations)
- Experience with common security controls (e.g., firewalls, IDS, Active Directory, proxies)
- Experience using Python or a similar scripting language to automate tasks and manipulate data
- Knowledge of enterprise logging for OS, applications & various security technologies
- Experience investigating common types of attacks and security events
- Solid technical understanding of TCP/IP, SSL/TLS, exploit kits, DNS, and network architecture
- Knowledge of multiple operating systems (Windows, Linux)
Location: Remote, with up to 40% travel (including international travel)
Secureworks (a Dell Technologies company) is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.