The Security Engineer will be responsible for supporting the Cyber Detect foundational capabilities, which include Centralized Logging and Monitoring using CrowdStrike Falcon Next-Gen SIEM and ONUM. This person will support the migration from Splunk Cloud, Cribl, syslog-ng and related products to CrowdStrike Falcon Next-Gen SIEM.
· Support US SIEM operations and the migration of log sources to CrowdStrike Falcon Next-Gen SIEM, ensuring proper coverage by validating that log data is complete against multiple criteria (volume, event types and enriched fields).
· Support and enable data bifurcation from the existing SIEM environment to the new CrowdStrike Falcon Next-Gen SIEM so that the migration can proceed.
· Coordinate implementation of the requirements for data bifurcation to CrowdStrike Falcon Next-Gen SIEM. This includes coordinating validation of Internet/GSNet bandwidth requirements and proxy capacity to support log data bifurcation from the ingestion layer to CrowdStrike Falcon Next-Gen SIEM.
· Monitor for potential log outages and maintain log sources reporting to the SIEM.
· Validate that log data required for US-specific requirements is migrated properly (SOX/GLBA, database logs, badge logs, PingFed, IBM API Connect, etc.).
· Perform log source data analysis to confirm that parsing rules are working as expected, validating required fields and ensuring applicable CIM (Common Information Model) compliance.
· Implement requirements on source hosts to configure necessary components to forward logs to CrowdStrike Falcon Next-Gen SIEM as required by Global standard. This includes Logical Servers and any other sources that require new clients or agents such as CrowdStrike/ONUM/etc.
· Request, coordinate and implement firewall rules, network routing and DNS resolution to support the migration to CrowdStrike Falcon Next-Gen SIEM.
· Validate that US profiles and permissions are migrated as expected to CrowdStrike Falcon Next-Gen SIEM. Document, maintain and improve the SIEM log source onboarding process for relevant sources, including Cloud and SaaS applications.
· Review and provide system configuration and log onboarding requirements to system owners.
· Collaborate with other Cyber Security Operations teams to document and implement logging and monitoring capabilities that meet established requirements, including the Virginia Log Ingestion Layer with load balancer and proxy support for scalability.
· Maintain and update dashboards, reports, log source coverage metrics and other relevant criteria, and participate in the development of monitoring use cases as required to enhance the logging and monitoring function.
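The validation work in the responsibilities above (confirming completeness by volume, event types and enriched fields, checking that parsing produces the required fields, and catching sources that go silent) is routinely scripted against exports from both SIEMs. The following is an added example written for this page, not code from the posting or from CrowdStrike, Splunk, Cribl or ONUM; the log source names, required-field policy, sample events, timestamps and thresholds are all constructed for illustration.

```python
"""Parity checks for a SIEM migration: compare the same time window of events as
seen by the legacy SIEM and by the new destination, per log source.

Added example; not code from the original posting or from any named vendor.
All sources, field names, thresholds and sample events below are constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Enriched fields each source must carry after parsing (constructed policy).
REQUIRED_FIELDS = {
    "fw-edge": ["src_ip", "dest_ip", "action", "rule_name"],
    "pingfed": ["user", "action", "src_ip"],
    "badge": ["user", "door_id", "result"],
}

def summarize(events):
    """Per source: event count, event-type histogram, per-field population counts, newest timestamp."""
    per_source = defaultdict(lambda: {"count": 0, "types": Counter(), "fields": Counter(), "latest": None})
    for ev in events:
        s = per_source[ev["source"]]
        s["count"] += 1
        s["types"][ev.get("event_type", "unknown")] += 1
        for field, value in ev.items():
            # Count a field only when the parser actually populated it.
            if field not in ("source", "event_type", "_time") and value not in (None, ""):
                s["fields"][field] += 1
        if s["latest"] is None or ev["_time"] > s["latest"]:
            s["latest"] = ev["_time"]
    return per_source

def compare(legacy, new, required_fields, volume_tolerance=0.05, min_field_coverage=0.95):
    """Return sorted (source, check, detail) findings; an empty list means parity on all criteria."""
    findings = []
    for source, l in legacy.items():
        n = new.get(source)
        if n is None:
            findings.append((source, "missing", "no events in destination"))
            continue
        # 1. Volume: destination count must be within tolerance of the legacy count.
        drift = abs(n["count"] - l["count"]) / l["count"]
        if drift > volume_tolerance:
            findings.append((source, "volume", f"legacy={l['count']} new={n['count']} drift={drift:.1%}"))
        # 2. Event types: every type seen in legacy must also appear in the destination.
        missing_types = sorted(set(l["types"]) - set(n["types"]))
        if missing_types:
            findings.append((source, "event_types", "missing: " + ",".join(missing_types)))
        # 3. Parsing: required/enriched fields must be populated on enough destination events.
        for field in required_fields.get(source, []):
            coverage = n["fields"][field] / n["count"]
            if coverage < min_field_coverage:
                findings.append((source, "field", f"{field} coverage={coverage:.0%}"))
    return sorted(findings)

def detect_outages(summary, now, max_gap=timedelta(minutes=30)):
    """Sources whose newest event is older than max_gap: a silent source is a potential log outage."""
    return sorted(src for src, v in summary.items() if now - v["latest"] > max_gap)

# ---- Constructed sample data -------------------------------------------------
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # constructed "now"

def mk(source, minutes_ago, event_type, **fields):
    return {"source": source, "event_type": event_type, "_time": NOW - timedelta(minutes=minutes_ago), **fields}

def build_legacy():
    fw = [mk("fw-edge", i, "allow" if i % 4 else "deny", src_ip="10.0.0.5", dest_ip="10.1.1.1",
             action="allow", rule_name="r1") for i in range(20)]
    sso = [mk("pingfed", i, "login_success" if i < 8 else "login_failure", user="jdoe",
              action="login", src_ip="10.0.0.9") for i in range(10)]
    badge = [mk("badge", i, "access_granted", user="jdoe", door_id="d1", result="granted") for i in range(4)]
    return fw + sso + badge

def build_new():
    # Same firewall volume, but the new parser drops rule_name on 5 of 20 events.
    fw = [mk("fw-edge", i, "allow" if i % 4 else "deny", src_ip="10.0.0.5", dest_ip="10.1.1.1",
             action="allow", rule_name="r1" if i >= 5 else "") for i in range(20)]
    # PingFed: 2 events short, login_failure never arrived, and the feed went quiet an hour ago.
    sso = [mk("pingfed", 60 + i, "login_success", user="jdoe", action="login", src_ip="10.0.0.9")
           for i in range(8)]
    # Badge logs were never bifurcated to the destination at all.
    return fw + sso

def run_checks():
    legacy, new = summarize(build_legacy()), summarize(build_new())
    return compare(legacy, new, REQUIRED_FIELDS), detect_outages(new, NOW)

if __name__ == "__main__":
    findings, outages = run_checks()
    for f in findings:
        print("PARITY", *f)
    for src in outages:
        print("OUTAGE", src)
```

In practice the two event lists come from a bounded-time export of each platform for the same window; the three parity checks correspond to the volume, event-type and enriched-field criteria listed above, and the outage check is what a "no events since" alert on the destination side reduces to.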
· Bilingual in Spanish/English (verbal and written) is required.
· 5+ years' demonstrable experience in log source onboarding into Splunk Enterprise Security and centralized cybersecurity logging and monitoring.
· Experience with CrowdStrike Falcon Next-Gen SIEM, ONUM, Cribl and SPL (Splunk Search Processing Language).
· 2+ years of experience with Red Hat Linux, Windows, and Python scripting
· Knowledge and experience in a SIEM environment with common IT and security tools: CrowdStrike Falcon, ONUM, Cribl, firewalls, proxies, DNS, VPN, Active Directory, Windows and Linux.
· Experience with information-sharing platforms and trust groups for threat intelligence sharing (e.g. FS-ISAC membership).
· Bachelor's degree in a relevant field or equivalent work experience.
· Familiarity with the National Institute of Standards and Technology (NIST) Cyber Security Framework and Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT)
· SANS or related certification in network security, malware analysis or forensic analysis (GREM, GCIA, GCFA, GCIH).