SIEM Administrator

Reporting directly to the Manager, SIEM Operations, the SIEM Administrator provides consistent and high quality support for the Deepwatch managed security platform as part of a 24/7 team delivering configuration, operation, management, monitoring, and optimization of all SIEM systems and resources within Deepwatch. The SIEM Administrator focuses heavily on the daily monitoring and administration of a variety of SIEM deployment models across many  customer environments at a foundational level, employing the idea of “a mile wide and an inch deep.” Candidates must display aptitude and ability to adapt and stay positive in an ever evolving environment. 

This position is virtual / remote working from a home office unless traveling to a corporate office. This position will have an assigned shift that may include nights and/or weekends.

If you want to be a part of a dynamic team that will leverage your skills to innovate and maximize customer experience, enable you to maintain a strong work life balance, and assist you in reaching your career goals within the Information Security industry, look no further - this is a great opportunity for you. 

In this role, you’ll get to:

• Deliver frontline support to enhance our First Call Resolution rate, efficiently resolving issues prior to involving Tier 2 resources. 
• Contribute to our 24/7 schedule, guaranteeing uninterrupted customer coverage and vigilantly monitoring critical production support for potential outages.  
• Manage, monitor, and maintain SIEM deployments to include clustering and high availability scenarios
• Manage access accounts for a variety of customer environments
• Manage, monitor, maintain, and troubleshoot Linux and Windows systems to support SIEM
• Review infrastructure performance in AWS
• Monitor and manage performance of all deployed Splunk Enterprise systems
• Remediate critical log ingest gaps to support continuous security monitoring
• Communicate effectively with external customer contacts and internal leadership and fellow deepwatch experts
• Manage case request/incident statuses and provide follow up, based on SLAs, to internal and external customers driving efficient resolutions
• Interact professionally with customers to resolve issues, provide additional information, and answer questions through various channels including: Messaging platforms, phone, case systems, and email.
• Proactively identify and communicate environmental and platform risks to management, mitigating potential risks and minimizing exposure to unnecessary risks.
• Create and maintain documentation for customer environments, processes, and best practices
• Keep up-to-date with information security news, techniques, and trends

You’ll be successful in this role, if you:

• Have or be willing to obtain, in your first 6 months, SIEM Certifications (Splunk Core Certified Advanced Power User preferred) or be able to demonstrate foundational experience with SIEM administration
• Demonstrate basic administrative knowledge of SIEM infrastructure components and configurations including, but not limited to: Cluster Master, Deployer, Deployment Server, Heavy Forwarder, Universal Forwarder, and License Master in a at least one of the deployment models: public cloud, private cloud, and on-premise
• Have or be willing to obtain, within your first year, your CompTIA Linux+ certification and/or possess foundational demonstrable Linux System Administration skills (e.g., CentOS, RHEL, Ubuntu, etc.) including experience with file permissions, certificates, manipulation & editing of files, system tuning, security permissions, troubleshooting, and network connectivity
• Demonstrate a working knowledge in at least one of the following areas: Enterprise network administration, Enterprise Network Infrastructure administration, Cloud administration, Endpoint Engineering and Administration, Identity and Access Management, Security Operations Center (SOC), or SIEM Administration
• Respond to monitoring software alerts to ensure high availability of customer environments
• Provide high quality operational support while achieving business KPIs within a 24/7 operations team
• Consistently demonstrate and understand case management best practices
• Provide high quality operational support while achieving business KPIs within a 24/7 operations team
• Have strong written & verbal communication skills and an excellent customer service mentality
• Consistently deliver value as a member of a highly collaborative customer centric team

ITAR Compliance

This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application, candidates will be asked to confirm that they are a U.S. Person as defined by the following:

• A citizen of the U.S.;
• A lawful permanent resident of the United States; 
• A person admitted to the United States as a refugee; or
• A person that has been granted asylum by the United States government.

The intent of this requirement is not to verify employment eligibility overall, but to ensure compliance with import/export regulations. If you do not meet these requirements, we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.

Statutory Pay Disclosure:

For applicants in NYC, CO, CA, RI, and WA, the salary range for this role is $93,500 to $132,000 + stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.

#LI-KL1