Cyber Fusion Detection Engineer Lead
The Sherwin-Williams Company - cleveland, OH
Apply NowJob Description
The Cyber Fusion Center - Lead Detection Engineer will lead the detection engineering and threat hunting services performed by Sherwin-William's Cyber Fusion Center. This team is responsible for creating and tuning high-fidelity detections for the company's Cybersecurity Security Operations Center (CSOC) using our SIEM tool and various data sources. This team is also responsible for Threat Hunting, Security Monitoring, and creating automations to reduce manual work and increase efficiency. The main objective is to create and tune detections and alerts to safeguard sensitive information from unauthorized access or harm caused by cybercriminals or malicious insiders. Assignments at this level will focus primarily on SIEM and Security Orchestration and Automated Response (SOAR) technologies that support the Cyber Fusion Center. Typically working alongside IT departments, security managers, and cybersecurity engineers. This role reports directly to the CSOC manager. Detection Engineering Lead customization, alerting, tuning, and automation solutions for our SIEM/SOAR platform. Configure SIEM detections and event data quality to maximize SIEM alert efficiency. Create and tune UEBA and anomaly-based detections. Threat Hunting Lead development of SOPs for performing lead-driven and leadless hunts. Adjusting processes and procedures to ensure continuous improvement. Assist management in defining roles and responsibilities for threat hunting team. Security Monitoring Lead monitoring of perimeter, host environment, network traffic, access and identity, applications, physical environment, cloud, and OT data sources. Provide early and real-time alerts of intrusions, exfiltration, malware, and anomalies Operational Management Support the ingestion and management of various data sources. Work with SIEM partners to create and enhance dashboards. Occasionally perform investigation and triage of events and incidents. Escalate according to established playbooks in support of Incident Response process. This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa. This position has a hybrid work schedule with three days in the office and the option for working remotely two days. Formal Education & Certification Bachelor's degree (or foreign equivalent) in a Computer Science, Computer Engineering, or Information Technology field of study (e.g., Information Technology, Electronics and Instrumentation Engineering, Computer Systems Management, Mathematics) or equivalent experience. Knowledge & Experience 8+ years IT experience. 5+ years of experience with a SIEM (Splunk, Exabeam, LogRhythm, Sumo Logic, etc.) CFC tools and techniques, including: Experience with User and Entity Behavior Analytics (UEBA) as part of SIEM platform. Experience with creating and tuning detection rules utilizing behavior analytics and anomaly-based detections. Experience leading lead-driven and leadless hunts. Experience identifying and implementing solutions to complex business problems. Understanding of various operating systems (z/OS,Window, UNIX, Linux, AIX, etc.). Understanding of log ingestion and complex data sources. Preferred Experience Experience with other SIEM/SOAR solutions. Experience working with a Threat Intelligence Platform (TIP) and integrating into a SIEM solution. Experience with virtualization and container application technologies such as VMWare and Docker. Experience in a Security Operations Center (SOC) or working with a MSSP. Project Management. Experience with scripting and automation. Experience with Vulnerability Management products such as Qualys, Rapid7, etc. Utilize key performance indicators to track log source availability. Personal Attributes Strong analytical, conc
Created: 2024-11-05