Ryder System Senior SIEM Engineer - REMOTE in Raleigh, North Carolina
If you are a current employee at Ryder (not a Contractor or temporary employee through a staffing agency), please click here (http://wd5.myworkday.com/ryder/d/task/1422$3.htmld) to log in to Workday to apply using the internal application process. To learn how to apply for a position using the Career worklet, please review this quick reference guide (https://rydersystems.service-now.com/sys_attachment.do?sys_id=a39f83621bd99050632a4223cd4bcb91) .
You are the driving force behind our company.
Start your career with Ryder today!
*Remote - work from home*
The Senior SIEM Engineering Lead is designed to provide senior level leadership for the design, engineering, and implementation of the security event data collection for the Enterprise Information Security organization related to incident response, threat monitoring, threat intelligence, and operations across SIEM platforms like Elastic and Qradar. This Role will be engaged in work related to data identification, assessment, ingestion, normalization and enrichment activities required for Ryder's Security Operations Center to perform proper detection and analytics of cyber threats and response. The role also provides proactive and preventive analysis of systems through product-specific SIEM tools and ancillary solutions used in security. The role also ensures SIEM solutions aid in the output of metrics to senior management to help maintain a safe and secure enterprise technical operation. Daily, the engineer ensures SIEM solutions are healthy, maintaining integrity and performing optimally, and that capacity keeps up with demand. To be successful, a solid understanding of and practical hands-on experience with security principles, host configurations and networking is required.
Serve as lead engineer for SIEM design, related components, and the confidentiality, integrity, and availability (CIA) of logs.
Implement, manage, and maintain event and log collection, reporting and compliance requirements.
Design and build SIEM dashboards and reporting tools required by technical teams.
Act as a key member and contact for the security operations center (SOC) and incident response team.
Tune the SIEM with threat intelligence sources (e.g., premium, industry-shared, open-source and dark web), and correlate event indicators and threats.
Lead and perform the content development within the SIEM platform which includes use case creation, dashboard design, tuning of use cases to minimize false positives, development of reporting metrics such as SLA and KPI reports and Log source configuration.
Work closely with security leadership to instill cybersecurity policies and practices throughout business units that address security operations, incident response, application security and infrastructure.
Review and enhance logging information flow strategies and technical information flow required for log onboarding; create the work plan required for logging onboarding to include determining the technical details.
Help correlate events to support SOC response requirements.
Be readily available for incident response, forensic, troubleshooting and security issues requiring event details.
Support SOC automation initiatives leveraging playbooks, while also using human analysis as needed.
Actively engage in security projects across the business to implement event and logging requirements.
Actively participate in threat hunting tabletop exercises to hone and strengthen skills across the team.
Maintain up-to-date level of knowledge related to security threats, vulnerabilities and mitigations set forth to reduce attack surface.
Openly support the CISO, management team and executive leadership, even during tumultuous times.
Mentor and Support SOC Analyst Tier 1-3
Act as an escalation point for the security Analysts to assist and advise on the most complex security threat investigations.
Leverage advanced knowledge of security operations, cyber security tools, intrusion detection, and secured networks to integrate with eh SIEM platform.
Performs other duties as assigned.
Skills and Abilities
Proficient in one or more SIEM (e.g., QRadar, Splunk, LogRhythm, ArcSight, Securonix, Sumo Logic, Exabeam, ElasticSearch)
Ability to analyze event and incident logs and work with SOC and IR teams to assess security events related to malware, vulnerabilities, exploits and kill chain methodology
Ability to interface with threat intelligence platforms and SOAR solutions to centralize and manage incidents and remediation workflow
Ability to maintain credibility with the security team and external constituents through sustained industry knowledge
Ability to liaison to conduct tabletop exercises for security incidents and events
Ability to grasp and assess “big picture” issues and bring them to light in order to foster positive change for a more robust data ingestion platform and process
Strong project management, multitasking and organizational skills
Capable of working with diverse teams and promoting a positive enterprise-wide security culture
Highly organized, efficient, self-starter requiring minimal supervision
Knowledgeable of and hands-on experience with supporting intrusion detection/prevention systems (IDS/IPS), firewalls, endpoint solutions, data loss prevention (DLP), Active Directory (AD) and application security intermediate required
Advanced knowledge of operating system configuration (Windows, Unix, Linux) and networking (DNS, DHCP, routing protocols)advanced required
Strong understanding of key performance indicators (KPIs) and service-level agreements (SLAs) attributed to security and business objectives for key stakeholders advanced required
Experienced with one or more scripting languages (e.g., Python, PowerShell, Bash, etc.)intermediate required
Experience preparing and delivering presentations to peers or senior executives intermediate required
Bachelor's degree required Computer Science or 4+ years as a QRadar SIEM Engineer
Seven (7) years or more Cybersecurity or information technology practitioner experience. required
Seven (7) years or more experience configuring QRadar data collection, enrichment, deployment, integration and deployment. required
Seven (7) years or more experience operating in a Security Operations Center (SOC) and incident response environment. required
Knowledgeable of and hands-on experience with supporting intrusion detection/prevention systems (IDS/IPS), firewalls, endpoint solutions, data loss prevention (DLP), Active Directory (AD) and application security. intermediate required
Advanced knowledge of operating system configuration (Windows, Unix, Linux) and networking (DNS, DHCP, routing protocols). advanced required
Strong understanding of key performance indicators (KPIs) and service-level agreements (SLAs) attributed to security and business objectives for key stakeholders. advanced required
Experienced with one or more scripting languages (e.g., Python, PowerShell, Bash, etc.). intermediate required
Experience preparing and delivering presentations to peers or senior executives. intermediate required
Other Information Risk, Privacy, or Security Certification (CISSP, CCSK, CCSP, PCSM)
DOT Regulated: No
Job Category: Information Security
Ryder is proud to be an Equal Opportunity Employer and Drug Free workplace. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.