The security information and event management (SIEM) Senior Cybersecurity Engineer will be responsible for implementing, maintaining, monitoring, automating, and managing SIEM solutions deployed on-prem or in the cloud. Working within the cybersecurity engineering team, the SIEM senior cybersecurity engineer facilitates architectural designs, best practices, and event and incident response duties. The SIEM senior cybersecurity engineer is expected to contribute to the corporate security strategy and collaborate with security leadership and other security technologists. The SIEM senior cybersecurity engineer provides support to the incident response, forensic, application and networking teams, and works with IT infrastructure, application development, security operations, security audit and end-user sources of information to ensure collection, correlation and reporting, as well as facilitation of corporate-wide security events. The SIEM senior cybersecurity engineer provides proactive and preventive analysis of systems through product-specific SIEM tools and ancillary solutions used in security. The role also ensures SIEM solutions aid in the output of metrics to senior management to help maintain a safe and secure enterprise technical operation. Daily, the engineer ensures SIEM solutions are healthy, maintain integrity, perform optimally, and have capacity that keeps up with demand. To be successful, a solid understanding of, and practical hands-on experience in, security principles, host configuration and networking is required.
Responsibilities

Serve as lead engineer for SIEM design, related components, and the confidentiality, integrity and availability (CIA) of logs.
Implement, manage, and maintain event and log collection, reporting and compliance requirements.
Design and build SIEM dashboards and reporting tools required by technical teams.
Help correlate events to support SOC response requirements.
Be readily available for incident response, forensic, troubleshooting and security issues requiring event details.
Maintain an up-to-date level of knowledge related to security threats, vulnerabilities, and mitigations set forth to reduce attack surface.
Tune the SIEM with threat intelligence sources (e.g., premium, industry-shared, open-source and dark web), and correlate event indicators and threats.
Support SOC automation initiatives leveraging playbooks, while also using human analysis as needed.
Connect events to contextual security reports that security management and technical teams can easily comprehend.
Actively participate in threat hunting tabletop exercises to hone and strengthen skills across the team.
Work closely with security leadership to instill cybersecurity policies and practices throughout business units that address security operations, incident response, application security and infrastructure.
Actively engage in security projects across the business to implement event and logging requirements.
Openly support the CISO, management team and executive leadership, even during tumultuous times.
Perform other duties as assigned.
Required

Education
Bachelor's degree in Computer Science, Computer Engineering, Technology Information Systems, an engineering-related technical discipline, or a combination of relevant experience/education.

Skill and Job Experience
At least 3-5 years of cybersecurity experience (or IT coupled with cybersecurity), with at least 2 years in an engineering-based role supporting SOC and IR teams.
Proficient in one or more SIEMs (e.g., QRadar, Splunk, DEVO, Google Chronicle, LogRhythm, ArcSight, Securonix, Sumo Logic, Exabeam).
Knowledgeable, with hands-on experience supporting intrusion detection/prevention systems (IDS/IPS), firewalls, endpoint solutions, data loss prevention (DLP), Active Directory (AD) and application security.
Advanced knowledge of operating system configuration (Windows, Unix, Linux) and networking (DNS, DHCP, routing protocols).
Ability to interface with threat intelligence platforms and SOAR solutions to centralize and manage incidents and remediation workflow.
Ability to analyze event and incident logs and work with SOC and IR teams to assess security events related to malware, vulnerabilities, exploits and kill chain methodology.
Strong understanding of key performance indicators (KPIs) and service-level agreements (SLAs) attributed to security and business objectives for key stakeholders.
Ability to liaise with teams to conduct tabletop exercises for security incidents and events.
Some experience in a cloud-based SIEM environment and migration from on-prem to cloud preferred.
Experienced with one or more scripting languages (e.g., Python, PowerShell, Bash).
Basic knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles.
Language & Communication Skills
Ability to effectively communicate, both verbally and in writing, with all levels within the organization.
Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups.
Ability to influence through outstanding interpersonal, collaboration, and negotiation skills.
Ability to work well within a team environment, as well as independently.
Preferred

Bachelor's degree or higher in Computer Science, Computer Engineering, or Technology Information Systems Engineering.
Prior experience as a Security Engineer, Senior Security Engineer, Senior Developer or Senior Analyst engineering and/or supporting cybersecurity tools and solutions for healthcare organizations.
Technical certifications in any of the following fields: security technologies and tools, development methodologies and frameworks, cloud and mobile applications.
Industry-recognized professional certifications: Security+, TOGAF, SANS, CISSP, CISM, CISA.
Together with the University of Minnesota and University of Minnesota Physicians we have created M Health Fairview. M Health Fairview is the newly expanded collaboration among the University of Minnesota, University of Minnesota Physicians, and Fairview Health Services. The healthcare system combines the best of academic and community medicine — expanding access to world-class, breakthrough care through our 10 hospitals and 60 clinics.
Fairview Health Services (fairview.org) is an award-winning, nonprofit health system providing exceptional care across the full spectrum of health care services. Fairview is one of the most comprehensive and geographically accessible systems in the state, with 10 hospitals—including an academic medical center and long-term care hospital—serving the greater Twin Cities metro area.
Its broad continuum also includes 60 primary care clinics, specialty clinics, senior living communities, retail and specialty pharmacies, pharmacy benefit management services, rehabilitation centers, counseling and home health care services, medical transportation, an integrated provider network and the health insurer PreferredOne. In partnership with the University of Minnesota, Fairview's 32,000 employees and 2,400 affiliated providers embrace innovation to drive a healthier future through healing, discovery and education.