When you join us at Thermo Fisher Scientific, you'll be part of a hard-working, driven team that shares your passion for exploration and discovery. With annual revenues over $40 billion and the most significant investment in R&D in the industry, we give our more than 100,000 colleagues the resources and opportunities to make meaningful contributions to the world.
Summary
Discover Impactful Work: As a SIEM Engineer, you have a global responsibility for enabling cybersecurity response within the Corporate Infrastructure & Security (CIS) team. In this position, you will play a meaningful role in building and maintaining cybersecurity audit log delivery pipelines and developing searches, alerts, and dashboards within a cloud SIEM environment. Collaborating with Cybersecurity Operations, you'll help us proactively identify and respond to potential threats to keep our organization secure.
A Day in the Life:
Log Pipelines: Map out and help maintain audit log collection, transformation, and delivery to cloud SIEM and/or data lakes for long-term retention and regulatory compliance.
Writing Queries: Build sophisticated search queries that surface security-relevant log activity and join diverse datasets dynamically to reveal patterns of activity.
Alerting and Dashboarding: Develop new alerting mechanisms tailored to our security landscape within our SIEM platform. Build insightful dashboards that provide clear visualizations of security metrics.
Systems Administration: Support a large AWS cloud environment of Unix systems running the log collection backbone.
Keys to Success:
Cross-Team Collaboration: Liaise with SOC analysts, security engineers, and incident responders to understand critical processes and craft effective automations.
Documentation and Training: Ensure documentation and processes are well defined so that the engineered solutions are understood and repeatable.
Ensure solutions are well built, backed up, restore-tested, and consistently maintained for health.
Problem Solving & Communication: Excellent analytical and problem-solving skills. Ability to communicate technical concepts to different audiences.
Education and Experience
Bachelor's Degree in cybersecurity, computer science, systems engineering, or related field. Equivalent work experience is acceptable.
2+ years of experience in a security engineering role with a focus on Splunk Cloud engineering and development. Experience maintaining Splunk forwarders and fleets of apps and add-ons, including handling configuration changes and version upgrades.
2+ years of experience managing Splunk Enterprise Security development and tuning. Experience developing risk-based alerting (RBA) use cases, data normalization, and assets and identities configuration.
At least two years' experience with AWS or other cloud-native platforms.