Sr. Security Platform Engineer

State Street Corporation
in Quincy, MA, United States
Permanent, Full time
Sr. Security Platform Engineer
As a Sr. Security Platform Engineer, you will play a key technical role in our Platform Engineering team within the GCS engineering/architecture organization. You will serve as a technical expert for platform engineering and services support for critical security technologies. The role primarily entails hands-on technical product design and deployment, specifically building and managing SIEM platforms such as Splunk Enterprise, Splunk User Behavior Analytics, Splunk Phantom, Splunk Enterprise Security and ArcSight. You will also mentor junior staff members, both on-shore and off-shore, to develop their skills in SIEM platforms.

Responsibilities will include:

  • Engineer, implement and administer SIEM platforms ArcSight, Splunk Enterprise, Splunk Enterprise Security, Splunk UBA and Splunk Phantom in public cloud and on-premise datacenters
  • Analyze, design, build & support Splunk Multi-Cluster Architecture. Maintain existing ArcSight infrastructure
  • Incident & Problem Management, Change & Release Management, Vendor Management, Capacity Management functions for these applications
  • Provide 24x7x365 production support for the platforms as part of the team to ensure smooth operations, system function & system health
  • Proficiency developing log ingestion and aggregation strategies
  • On-board new data sources into Splunk, analyze the data for anomalies and trends and build dashboards highlighting the key trends of the data.
  • Product architecture, engineering, roadmap and infrastructure services for platforms supported by the Security Analytics team
  • Perform integration activities to connect with 3rd party software.
  • Assist the content engineering team in developing security-focused content for Splunk, including creation of complex threat detection logic and operational dashboards
  • Control the stages of MSS architecture lifecycle, including service tooling improvements, requirements execution, architecture improvements, design, implementation, testing, documentation, and support.
  • Communicate requirements and risks to stakeholders such as Product, Engineering, and Security leadership.
  • Work with cross-functional teams to proactively improve on existing integration automation/workflows.
  • Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and MSS best practices.
  • Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.

Skills/Knowledge Desired:

  • Splunk certifications such as Splunk Certified Developer, Enterprise Security Implementation, Splunk Enterprise Certified Consultant, and/or Splunk Enterprise Certified Architect
  • Extensive experience implementing, architecting and administering Splunk Enterprise Security, Splunk UBA and Splunk Phantom
  • Azure/AWS knowledge required with experience preferred in managing Splunk implementation in AWS
  • Must have hands-on experience with Splunk Enterprise environment setup and troubleshooting
  • Must have knowledge of setting up new data feeds into Splunk
  • Must be able to maintain, manage and monitor Splunk infrastructure (identify bad searches and dashboards, and manage the overall health of Splunk)
  • Experience setting up clustered and load-balanced environments
  • Experience writing Splunk queries in the Search Processing Language (SPL). Thorough understanding of SPL, optimization principles, APIs, and SDK.
  • Experience developing in XML, Bash, JavaScript, Python, Perl and PowerShell
  • Experience with platforms such as Ansible, Puppet and Chef
  • Experience with other information security solutions including DLP, Zscaler, Palo Alto, Symantec solutions, McAfee and Active Directory
  • Independent, self-motivated, proactive approach to problem solving and prevention.
  • Excellent written and verbal communication skills.
  • Passion for the cybersecurity space.
  • Broad experience with SOC, NOC and/or MSS operations.

Experience Desired

The candidate shall have a degree in Computer Science, Engineering, Information Technology, Cybersecurity or a related field and a minimum of 10+ years of experience in security engineering, system administration, database administration, network engineering, software engineering, or software development, with a concentration in cybersecurity.

  • 10+ years of IT engineering experience in building and managing infrastructure and security platforms
  • 5+ years of professional engineering experience with the Splunk platform
  • Minimum of 1-2 full-lifecycle implementations of Splunk Enterprise and Splunk Enterprise Security
  • In-depth experience with Splunk's multiple deployment options - including on-premise distributed deployments and public cloud
  • Expertise with data ingest, data normalization (Splunk delivered TAs, custom TAs), search/query design and execution.
  • Experience with Splunk component utilization (e.g. indexer loads and requirements, search head peering, etc.), component resourcing (e.g. underlying server specs), inter-component communications and tradeoffs (e.g. DNS vs IP tables, usage of SSL, etc.) and underlying platform requirements.
  • Expert-level experience with SIEM technologies - implementation, tuning, troubleshooting Splunk and ArcSight
  • Expertise in building, deploying, scaling, and troubleshooting the various facets of large scale Splunk clusters and supporting apps.
  • 3+ years of DevOps Engineering experience
  • 3-5 years of hands-on experience with security monitoring tools such as IDP/IDS, FW and AV, with a strong understanding of network protocols and network monitoring tools
  • Hands-on experience supporting/developing enterprise technology and network infrastructure, including exposure to AWS or other public cloud infrastructure.
  • Knowledge of scripting languages such as Python, Perl, bash, etc.
  • Experience using Ansible and any flavor of Git.
  • At least one of the following certifications: CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, SEI, CISSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX

Company Overview

From technology and product innovation to corporate responsibility and community development, we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people - strengthening markets, building communities and creating opportunities for growth.

We owe that longevity to the commitment, expertise and creativity of our employees. Our continued success depends on our ability to attract and develop the best talent in the industry. That's why we're keenly focused on employee development, corporate citizenship and inclusion.

For us, success comes in the mark we make as an organization - for the industry, our clients, our communities and each other.
