Principal Info Security Analyst-Senior Splunk Engineer
- New York, NY, USA
- Permanent, Full time
- BNY Mellon
- 19 Sep 2018
Principal Information Security Analyst: Consults at a senior level and provides professional support for major components of the company's information security infrastructure. Contributes to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments. Consults with business and operational infrastructure personnel regarding new and existing technologies. Recommends new security tools to management and provides guidance and expertise in their implementation. Reviews and analyzes highly complex data and information to provide insights, conclusions and actionable recommendations. Defines, implements, and applies area-wide security and/or COB policies and standards by leveraging in-depth knowledge of globally accepted information security and/or COB principles. Addresses high-risk security concerns or incidents. Recommends courses of action to mitigate risk and ensures that appropriate standards are established and published. Contributes to the achievement of area objectives.
Position Overview
This is a Sr. Splunk Threat Hunter/Playbook Engineer role which will be an integral part of the dynamic, fast-paced Threat Detection team within CyberSecurity Analytics. A successful candidate will bring a positive, passionate attitude to the team's playbook and threat hunting initiatives by leveraging rich threat-hunting and specialized Splunk-related experience. As an expert in Splunk Search Processing Language (SPL), you'll be relied on to work closely with customer delivery managers, prioritize daily tasks, develop/deploy/verify advanced threat-hunting playbooks based on indicators of compromise, network anomaly detections and alerting logic, and enhance the organization's overall playbook strategy and threat analytics.
Key responsibilities and deliverables
- Day to day management of playbook content lifecycles including customer interactions and priority, content creation, testing & tuning, version/value documentation, and finally, user-acceptance testing and effectiveness analytics.
- Utilize Git repositories to store, annotate, and version playbooks shared with Threat Detection customers including the Security Operations Center, Insider Threat, and SIEM Engineering, among other teams.
- Participate in war-gaming and tabletop activities as part of red/blue team exercises to strengthen and test playbook health, maturity, and relevant documentation.
- Collaborate with Threat Detection team members and lead the design of complex SPL queries for searching, threat hunting, reports, dashboards, and Threat Detection team analytics/metrics.
- Collaborate closely with CSA members on the design of functional, process-oriented Splunk knowledge objects such as recurring reports, saved searches, Splunk data models, macros, lookups, tags, and dashboards to combat threats and advance objectives within CyberSecurity Analytics.
- Collaborate with SIEM Engineering to identify gaps in onboarded data, CIM normalization, and correlation queries so that playbooks can run at optimal health.
- Collaborate with SOC members, Threat Detection delivery managers, and other stakeholders to ensure customer issues and priorities are addressed through the playbook work pipeline; ensure playbook processes are continually maturing, including triage, escalation, incident, and change management.
- Engage in ongoing research into security tools, techniques, and procedures, and advance Threat Detection initiatives based on aggressive security principles, machine learning algorithms, and threat mitigation techniques.
- Own the reproduction, response, documentation, and resolution of playbook issues reported by Threat Detection teammates or customers.
- Proactively collaborate with Threat Detection teammates and members throughout the greater CyberSecurity Analytics organization to document actions, hurdles, and blockers with regard to work pipeline and progress.
Qualifications
- Expert-level, demonstrable understanding of Splunk technologies including Core, Enterprise Security, User Behavior Analytics (UBA) and the Machine Learning Toolkit (Splunk ML), as well as Advanced Threat Analytics.
- Demonstrable experience with SPL creation, Splunk knowledge object management, Splunkbase, technology add-ons (TAs), and dashboard design.
- Significant experience with network protocols, security orchestration, security/perimeter devices.
- Experience with Splunk data ingestion throughout the entire onboarding cycle, from data discovery to ingestion, CIM normalization ("CIMification"), and onboarding validation; including JSON, XML, syslog, and universal/heavy forwarders (UF/HF).
- Active listening and collaborative skills with various audiences, including direct team members, security team and Splunk engineers, and executive stakeholders, in order to craft Splunk and search development solutions.
- Experience with scripting languages to automate repetitive analysis and tasks.
- Experience with open-source security tools including Wireshark, Nmap, Burp Suite, Snort, and Kali Linux.
- Demonstrable competency with InfoSec fundamentals including the Lockheed Martin Cyber Kill Chain and MITRE ATT&CK-based analytics.
- Experience with threat intelligence standards such as STIX, TAXII, and CybOX.
- Demonstrable Threat Hunting experience
- Demonstrable Incident Response Workflow experience
- Fundamental understanding of InfoSec threat sharing, including IoCs, artifacts, and forensic techniques.
- Exceptional problem-solving capabilities and strong documentation and communication skills, both verbal and written.
- Ability to self-manage workload and goals independently in a fast-paced, multi-threaded, and deadline-driven organization.
- Passion for communication and attention to detail, research, and articulate, value-driven reporting.
- Proficiency in the Microsoft Office suite, including high-quality visual presentation of data in PowerPoint and Visio.
Bachelor's degree in computer science or a related discipline, or equivalent work experience, required; advanced degree preferred. 10-12 years of experience in information security or related technology experience required; experience in the securities or financial services industry is a plus.
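To make concrete the kind of work the responsibilities above describe (an IOC-based playbook search built on CIM-normalized data, with the accompanying lookup and tuning concerns), the following SPL is an added illustration and is not part of the posting or of any BNY Mellon content. It assumes an accelerated CIM Network_Traffic data model and a hypothetical indicator lookup named ioc_destinations.csv with the columns dest, threat_name and source; both the lookup and its column names are assumptions for the example.

```spl
| tstats summariesonly=true count min(_time) as first_seen max(_time) as last_seen
    from datamodel=Network_Traffic
    where All_Traffic.action=allowed
    by All_Traffic.src All_Traffic.dest All_Traffic.dest_port
| rename All_Traffic.* as *
| lookup ioc_destinations.csv dest OUTPUT threat_name source
| where isnotnull(threat_name)
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table first_seen last_seen src dest dest_port count threat_name source
| sort - count
```

The search works only because the onboarded sources have been normalized to the Network_Traffic data model fields (src, dest, dest_port, action); a feed that is not CIM-mapped simply never appears in the results, which is the "gap in CIM normalization" the SIEM Engineering collaboration bullet refers to. summariesonly=true restricts the search to accelerated summaries, so it runs quickly enough to schedule but silently misses any source whose acceleration is lagging; during testing and tuning, run it once with summariesonly=false over a short window to confirm the two agree. Tuning noise typically means maintaining an allowlist lookup alongside the indicator lookup and excluding its entries before the table command, and recording each such change in the playbook's Git history so that the tuning rationale travels with the content.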
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments and safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.
Client Technology Solutions provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. Client Technology Solutions provides employees with the tools and resources to enhance their professional qualifications and careers.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.
Primary Location: United States-New York-New York
Internal Jobcode: 45183
Job: Information Technology
Organization: Information Security-HR11724
Requisition Number: 1806163