Information Security- SIEM/Detection Engineer
Holman Enterprises

Job Info

---

ARI helps companies around the world approach fleet management as an investment that drives business success. Headquartered in Mount Laurel, New Jersey, our people are united by the shared vision that fleet is much more than a collection of vehicles - it's a strategic asset for our clients. With nearly 2 million vehicles managed in North America, the UK and Europe, we help our customers build competitive advantage through business insight, data analysis, and the value of Holman Enterprises' collective automotive competencies.

The Holman Information Security Operations team is looking for a SIEM/Detection Engineer to assist in elevating the logging and detection program. This role will be technically focused, leading the day-to-day administration and direction of the SIEM/Logging platform. This role is a member of the Security Operations team and may be called upon to assist in other areas of the Security Operations program such as Incident Response, Endpoint Security, Vulnerability Management, Alert Triage, Technical Assessments.

Primary Responsibilities:

• Assessing the current SIEM/Logging architecture and making recommendations on near/mid/far goals to improve the stack in alignment with detection / threat hunting objectives.
• Ensuring all critical security and operational logs are flowing in to the SIEM environment.
• Ensuring all logs are filtered in alignment with security use cases and appropriate detection frameworks .
• Ensuring all logs are enriched to support detection capabilities and analyst interpretation.
• Generating high fidelity, low false positive detections.
• Integrating SIEM alerts and external systems through custom automation or via a SOAR tool.
• Aligning log data and detections with the MITRE ATT&CK framework.
• Opining on best practice for logging requirements for future or current initiatives.

An ideal candidate has experience with the following or similar technologies:

• Elasticsearch/Opensearch
• Elastic Beats
• Logstash
• Microsoft Sysmon
• Sigma
• Kakfa / Redis / Memcached
• Microsoft Windows / Linux
• Syslog/RELP
• Python/PowerShell/Bash
• Siemplify, Swimlane, Demisto (Palo Alto Cortex XSOAR)

Relevant Work Experience:

• 5-7 years of combined Information Security or Information Technology Experience
• 2-3 years of experience in SIEM architecture, design, administration
• Any of GIAC GCDA, GDSA, GMON, GDAT preferred
• Experience with Microsoft Azure, AWS, GCP or other cloud platforms a plus
• Experience with SOAR platforms a plus
• Substantial experience with common information security management frameworks, MITRE ATT&CK, MITRE DeTT&CT
• Breadth and depth of technical and or functional expertise in security operations and other related areas within information technology departments such as Infrastructure, Engineering, Networking or Development
• Strong written and verbal communication skills with the ability to communicate technical topics to technical and non-technical audiences

Holman Enterprises provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

This job has expired.