Post Thu Mar 17, 2011 8:00 pm

Security Monitoring Specialist (SIEM, Logging, Event Management)

Large consulting firm looking to fill a variety of security positions.  Slots open in most major cities, but prefer NY, Short Hills, Philly, Tyson's Corner, Atlanta, Chicago, Detroit, Houston, Seattle, and San Francisco/Silicon Valley.  The job postings will reflect experienced hires, but I am more than willing to talk to junior folks that have the skills to hit the ground running.

Security Monitoring Specialist
• Design of security monitoring solutions such as SIEM, IDS/IPS, Database Activity Monitoring (DAM), firewalls, network and host based malware/AV, and log collection/aggregation within environments of various size and composition
• Perform requirements gathering, current state assessments,  design, implementation, and testing of monitoring solutions that meet a variety of regulatory needs such as PCI, SOX, FFIEC, FISMA, HIPAA/HITECH, and NERC/CIP
• Assist clients in improving the capabilities and maturity of their monitoring program by identifying appropriate technologies, policies, organizational structures, and relations with third parties
• Be able to create custom monitoring rules for a variety of detection platforms, and custom correlation rules for SIEM platforms
• Assist clients by incorporating security monitoring capabilities into a variety of other operational processes such as incident response, vulnerability management, incident management, asset management, compliance, audit, and executive reporting
• Guide clients through monitoring tool vendor selections including drafting Requests for Proposal (RFP), assessing vendor responses, and constructing/executing a proof of concept
• Identify and clearly articulate (written and verbal) findings to senior management and clients
• Help identify improvement opportunities for assigned clients
• Supervise and provide engagement management for IT staff working on assigned engagements
• Bachelor’s degree in computer science or related field from an accredited college/university
• 5+ years of information security experience and 2+ years of security monitoring experience
• Demonstrate a clear understanding of typical security monitoring metrics/KPIs, executive reporting, and audit/compliance reporting
• Strong ability to tune monitoring solutions for generations of appropriate alerts, and experience in coordinating/participating with incident response and investigative teams through incident resolution
• Experience in arranging relationships and SLAs with Managed Security Services Providers (MSSPs) and the ability to construct/operate shared monitoring relationships involving internal client SIEMS and external MSSPs
• In-depth knowledge of the monitoring and logging provisions of a variety of regulations and standards such as PCI, NERC/CIP, SOX, HIPAA/HITECH, FFIEC, EU Privacy Laws, ISO, COBIT, NIST SP800-92, NIST SP800-94, NIST SP800-53
• Technical background in networking including in-depth knowledge of TCP/IP and common communication services/protocols used to transport and manage logs
• Familiarity of the structure, roles, and responsibilities of monitoring teams with a focus on both distributed/shared models as well as traditional SOCs
• System Configuration and experience necessary to integrate a wide variety of devices into consolidated monitoring solutions (HP-UX, Linux, Solaris, AIX, firewalls, routers, switches, databases, Active Directory, LDAP, etc.)
• Two or more years of scripting/programming experience with Perl, Python, VB, or Bash
• SIEM platform experience (Arcsight, enVision, Nitro, netForensics, QRadar, etc.)
• Database monitoring platform experience (native DB logging/auditing, AppSec dbprotect, Guardium, Imperva, etc.)
• Host and network IDS/IPS platform experience (Sourcefire/snort, Cisco, TippingPoint, Tripwire, Dragon, OSSEC, McAfee HIPS, Symantec Endpoint Protection, etc)
• One or more of the following technical certifications preferred: Certified Ethical Hacker (CEH); GIAC Certified Enterprise Defender (GCED); GIAC Certified Incident Handler or Analyst (GCIH  or GCIA);or equivalent vendor specific certifications (Arcsight, RSA, etc)
• In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®)
• Track record with published content / research work in the information security field
• Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client’s senior management team