Cyber Security Automation & SIEM Engineer
Schlumberger | Colombia, Bogota
Roles and Responsibilities:
- Implement automated processes using either our Security Information & Event Management (SIEM – Splunk) or Security Orchestration, Automation & Response (SOAR – Demisto) tool.
- Test, design and implement any new request from the Cyber Security Operations Center (SOC) regarding data ingestion, dashboard creation or automation.
- Analyze all resolved incidents and, where appropriate and possible, propose automating the resolution processes and/or implementing preventive measures to minimize or eliminate the threats, based on information, knowledge and experience from Schlumberger and industry best practices.
- Create, design, test and optimize new and existing Splunk searches to ensure they run optimally and do not place unnecessary additional load on the Splunk infrastructure.
- Use machine learning to implement more complex Splunk searches that address the more complicated use cases for cyber security detections.
- Identify processes to be automated through the use of systems and scripts.
- Work with Cyber Security Operations Center (CyberSOC) analysts to create and deploy scripts as needed.
- Work unsupervised and interact with CyberSOC analysts to automate resolution processes, and produce the corresponding documentation to enrich the corporate security policies and processes.
- Develop and maintain constructive and cooperative working relationships across multiple teams.
- Document any deployed solutions (such as dashboard designs, software upgrade procedures, etc.) in a central documentation repository.
Qualifications and Experience:
- Minimum: Bachelor’s degree in IT, Telecommunications, Computer Science or Engineering
- Minimum: two or more years of experience in networks, application development, security and incident response
- Advanced English level; strong verbal and written communication skills
- Good knowledge of Splunk or another SIEM
- Good knowledge of Demisto or another security orchestration (SOAR) tool
- Good knowledge of cloud technologies
- Experience in Incident Response
- Strong technical troubleshooting skills
- Networking knowledge
- Operating system knowledge
- Good analytical, problem-solving and solution-design skills; out-of-the-box thinker
- Change management
- Innovation skills and vision