Cyber Security Engineer - SIEM Administration and Content Development
Visa | Ashburn, VA
About Visa: Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal in mind: making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team. As a global payments technology company, tech is at the heart of what we do. CyberSource, a Visa company, has been and continues to be a pioneer within the e-Commerce Payment Management world. Our VisaNet network is capable of handling over 65,000 transaction messages per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks. We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa's sponsorships, including the Olympics and FIFA World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be. Visa will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of Article 49 of the San Francisco Police Code.

Job Description
The candidate will support and develop the SIEM implementation(s) deployed across Visa. Primary day-to-day job duties involve enrolling log sources, administration, content development and working with our SIEM customers/stakeholders across the globe.

Responsibilities
- Develop advanced SIEM correlation rules, reports and dashboards to detect emerging threats
- Manage, develop and tune the scripts that integrate with the SIEM
- Create technical documentation around the content deployed to the SIEM
- Monitor the impact of deploying new content on the health and performance of the SIEM
- Lead logging enrollments from multi-tier applications into the enterprise logging platforms
- Develop the specific content necessary to implement security use cases and transform them into correlation queries, templates, reports, rules, alerts, dashboards, and workflow
- Develop advanced scripts for manipulation of multiple data repositories to support analyst requirements
- Develop advanced reports to meet the requirements of key stakeholders
- Develop scalable security management tools and processes
- Engineer, configure and deploy enterprise SIEM/SEM solutions
- Develop automation for security tools management
- Collaborate with key stakeholders within GIS and Cyber Security to develop specific use cases to address specific business needs
- Collaborate with application owners to define and establish logging standards to address various governance requirements

Qualifications
Must have:
- Over 3+ years of experience with QRadar
- Excellent understanding and proven hands-on experience in SIEM concepts such as correlation, aggregation, normalization, and parsing
- Experience with deploying and managing a large SIEM deployment
- Excellent understanding of enterprise logging standards, with a focus on application logging
- 5+ years of experience with Splunk, ArcSight and/or QRadar SIEM systems
- Advanced knowledge of content creation concepts and best practices
- Excellent understanding of regular expressions and development of custom/flex parsers
- Excellent Python and Unix shell scripting skills
- Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies
- 5+ years of network security and system security experience, supporting security event management tools (SIEMs)
- Excellent understanding of Cyber Security Operations and Incident Response processes
- Excellent understanding of web application architectures and web services
- Excellent communication skills
- Ability to drive multiple efforts with minimum supervision
- Infrastructure management and support experience
- System administration experience in a Windows and Unix environment
- Experience in using scripting languages to automate tasks and manipulate data; programming experience is a plus
- Experience working in a large enterprise environment
- Experience integrating solutions in a multi-vendor environment
- Bachelor's degree in engineering, computer science, information security, or information systems

Nice to have:
- Experience working with Big Data platforms/non-relational databases
- Experience working with Hadoop
- Experience in database security and administration (Oracle, MySQL/SQL, DB2)
- Preferred certifications include: CISSP, SANS GCIA, OSCP, Splunk
- Experience developing data analytics/anomaly detection algorithms

Information will be kept confidential according to EEO guidelines.