| Company | LG&E and KU |
| Location | Louisville, KY or REMOTE |
| Preferred GIAC Certifications | GCDA |
This role requires the ability to architect, implement and manage SIEM solutions in support of IT Security operations for the organization. Experience and knowledge of SIEM technologies, cyber threats, usage of threat intelligence and enterprise defenses are essential to the success for this position.
- Perform daily hands-on-keyboard activities that focus on analyzing various metadata from network and host appliances including abnormal machine or user behavior analytics.
- Identify weaknesses that affect networks and systems and develop countermeasures or mitigations to resolve or alert on them.
- Manage and mature the corporate Security Information and Event Management (SIEM) solution. Responsible for customizing alerts and parsing new data sources, including working with the company's Managed Security Service Providers (MSSP).
- Experience with SIEM (e.g., Splunk/Qradar) data manipulation and alert creation. Identify security gaps and evaluate enhancements: Perform data/log gap analysis and solutions to improve capabilities, both internally and externally available.
- Create technical documentation around the architecture, configuration, and content deployed to the SIEM.
- Utilize corporate risk register to mature the threat modeling process for protecting the company’s high value assets.
- Implement new technologies and work processes: Integrate security technologies that support threat and vulnerability reduction, incident response, and anomaly detection.
- Provide ongoing consulting assistance to ensure security by design, address security issues, and implement security policies, procedures, and measures. Strengthen overall knowledge of security issues, technologies, and direction.
- Collaborate with application owners to define and establish logging standards to address various governance requirements.
- Provide oversight to log collection and analysis of system security reports and summarize data and trends.
- Responsible for identifying new data sources, and capabilities to improve data collection and alerting standards.
- Monitor and subscribe to open-source information and repositories of reliable cyber and technical groups for continuing education, awareness, and improving network and host threat detection and hardening.
- Utilize intrusion detection systems (IDSs) to monitor network systems (LANs, WANs, VPNs, routers, firewalls, and related security and network devices) for indicators of compromise (IOCs).
- Proactively identify potential network threats and cyber threats and recommend preemptive remedial actions.
- Serve as a member of the cyber incident response team to investigate network security events, conducting root-cause analysis of recurring incidents to identify the underlying threats.
- Monitor and track incidents related to network access, network intrusion, cyber security, and regulatory compliance.
- Maintain security by monitoring, ensuring compliance to standards, policies, and procedures; conducting incident response analyses; and conducting training programs.
- All other duties and projects as assigned.
COMPANY PAID RELOCATION PROVIDED - EXTERNAL
REQUIRED EDUCATION AND EXPERIENCE
Bachelor’s degree and a minimum of five years of experience in IT with emphasis in cybersecurity, networking, systems engineering or application development with a minimum of three years of direct security experience, or an equivalent combination of education and experience on a year-for-year basis, is required.
- Solid understanding and hands-on experience in SIEM concepts such as log correlation, aggregation, and normalization.
- SIEM experience creating searches, analytics, and alerts and understanding how to pivot in the data fields for investigative purposes.
- Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, firewalls, and web proxies.
- Ability to mine and respond to Indicators of Compromise (IOCs).
- Understands advanced persistent threat (APT) infection and attack chains, including tactics, techniques, and procedures (TTPs).
- Ability to create custom data parsers to analyze event logging from various devices, packet captures, and metadata.
- Knowledge of the MITRE ATT&CK framework.
- A successful academic or work background indicating a demonstrated ability to absorb information, apply conceptual skills in practical security solutions, and achieve desired results in a highly technical operating environment.
- Skill in effectively adapting to rapidly changing technology, applying it to business needs, and merging multiple tools to solve problems. Strong analytical and problem-solving background; good project management skills with the ability to multitask and manage multiple small projects in a cross-functional environment.
Preferred Certifications may include:
- Certified Information Systems Security Professional (CISSP)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Certified Detection Analyst (GCDA)
- GIAC Network Forensic Analyst (GNFA)
- GIAC Cyber Threat Intelligence (GCTI)
- GIAC Critical Infrastructure Protection (GCIP)
- IACIS Certified Forensic Computer Examiner (CFCE)
- EC-Council Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
Normal office environment.
Primarily sitting with optional standing and walking. General mobility; some travel required.