ClevelandRecruiter Since 2001
the smart solution for Cleveland jobs

Lead Splunk Security Engineer

Company: Sherwin-Williams
Location: Cleveland
Posted on: March 18, 2023

Job Description:

Here, we believe there's not one path to success, we believe in careers that grow with you. Whoever you are or wherever you come from in the world, there's a place for you at Sherwin Williams. We provide you with the opportunity to explore your curiosity and drive us forward. We'll give you the space to share your strengths and we want you to show us what you can do. You can innovate, grow and discover in a place where you can thrive and Let Your Colors Show! Sherwin-Williams values the unique talents and abilities from all backgrounds and characteristics. All qualified individuals are encouraged to apply, including individuals with disabilities and Protected Veterans.

The Lead Splunk Security Engineer's core function is to develop and maintain the Corporate Threat Management program. Assignments at this level will focus primarily on the Security Operation Center (SOC), Security Information and Event Management (SIEM), and Security Orchestration and Automated Response (SOAR) technologies that support threat intelligence (CTI) teams.

Essential Functions

Operational Management

  • Perform SOC investigations and incident response.
  • Co-managed enterprise Splunk SIEM, including Core and Enterprise Security modules.
  • Work with existing SOAR technologies and work to increase and improve the scope of automation efforts.
  • Assist with continued log onboarding of cloud as well as on-premise sources and ensure proper parsing of the logs for usability.
  • Work with team to improve version control and infrastructure as code to improve infrastructure BC/DR capabilities.
  • Leverage existing SIEM technologies to improve risk-based and behavioral analysis for higher fidelity SOC alerts.
  • Assist CTI when required in their investigation and incident response efforts.
  • Support and maintain application automation and integration with security devices and software.
  • Work with businesses for refining policies and standards around SIEM / SOAR-related technologies.

    Acquisition & Deployment

    • Manage implementation efforts for stand-alone, DFARS-compliant SIEM leveraging Microsoft Sentinel.
    • Work with CTI to continue integrating its Threat Intelligence Platform with SIEM to move forward with management and automation efforts with identified indicators of compromise (IOC).
    • Work with architects and developers to design optimal logging and monitoring practices when developing new applications in the cloud and on-prem.
    • Mitigate security risks associated with projects, which have a high technical complexity and/or involve significant challenges to the business.

      Strategy & Planning

      • Engage other business departments in ongoing initiatives exploring enterprise data lake and data management solutions.
      • Work with appropriate teams to improve upon information security policies and standards.
      • Acquire and interpret business requirements and functional specifications to recommend security requirements.
      • Maintain knowledge of best security practices through training, research, and involvement with local IT security groups.
      • Identify training and knowledge transfer opportunities to improve Information Security and Corporate IT employees' ability to detect and prevent cyber security attacks.

        Incidental Functions

        • Assist businesses in deciding on new technologies including tools, components, and frameworks.
        • Mentor and coach team members and/or Professional Apprentices.
        • Project and task management and reporting as necessary.
        • Make presentations to management, clients, and peer groups as requested.
        • On-Call support will be occasionally required.
        • Minimal travel is required
        • Work outside the standard office 7.5-hour workday may be required.

          Position Requirements

          Formal Education & Certification

          • Bachelor's degree (or foreign equivalent) in a Computer Science, Computer Engineering, or Information Technology field of study (e.g., Information Technology, Electronics, and Instrumentation Engineering, Computer Systems Management, Mathematics) or equivalent experience.
          • Splunk Enterprise and/or Cloud Certified Admin or Architect preferred.
          • Microsoft Security Operations Analyst Associate Certification with Azure Sentinel is a plus.
          • Certifications or demonstrable knowledge of one or more of the following: CISSP, ITIL, Splunk, HTML, Python, PERL, XML, XSL, nmap, Linux, AIX, Windows, SQL(Oracle, MSSQL).

            Knowledge & Experience

            • 8+ years of IT experience, including experience with the following:
            • 5+ years of SIEM Experience (Splunk, Sentinel, Exabeam, Etc)
            • 2+ Years of SOC experience
            • 2+ years of search query writing with Splunk.
            • Experience integrating SIEM with multiple sources and feeds, including AWS (Cloud Watch, GuardDuty, etc), Azure (Security Center, Log Analytics, etc), Service Now, endpoints, and IPS/IDS solutions.
            • Understanding of various operating systems (z/OS, Windows, Linux, etc.).
            • Experience with cyber alert triage and/or incident response.

              Preferred Experience

              • Experience in managing projects.
              • Experience working with a Managed Security Services Provider (MSSP).
              • Experience working with a TIP (Anomoli, ThreatConnect, Palo Alto Networks, etc).
              • Understanding of Lockheed Martin Cyber Kill Chain and MITRE ATT&CK frameworks.
              • Knowledge of and experience with EDR technologies (Crowdstrike, Microsoft Defender ATP, etc.).
              • Experience with Python or other programming languages.
              • Experience with Digital Forensics.
              • Experience with Endpoint Forensics.
              • Understanding of CVSS, CVE, CWE, CPE, CCE, CWE, OVAL, SCAP, and/or other standards.
              • Experience with Vulnerability Management products such as Qualys, Rapid7, etc.

                Personal Attributes

                • Strong analytical, conceptual, and problem-solving abilities.
                • Good written and oral communication skills.
                • Good presentation and interpersonal skills.
                • Ability to conduct research into database issues, standards, and products.
                • Ability to present ideas in user-friendly language.
                • Able to prioritize and execute tasks in a high-pressure environment.
                • Ability to work in a team-oriented, collaborative environment.
                • Strong commitment to inclusion and diversity.

                  Must be legally authorized to work in the country of employment without sponsorship for employment visa status now or in the future.

                  Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. - All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.

                  As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.

Keywords: Sherwin-Williams, Cleveland , Lead Splunk Security Engineer, Engineering , Cleveland, Ohio

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest Ohio jobs by following @recnetOH on Twitter!

Cleveland RSS job feeds