SIEM Platform Lead

Press Tab to Move to Skip to Content Link Select how often (in days) to receive an alert: Create Alert At Tetra Pak we commit to making food safe and available, everywhere; and we protect what's good – protecting food, protecting people, and protecting the planet. By doing so we touch millions of people's lives every day. And we need people like you to make it happen. We empower you to reach your potential with opportunities to make an impact to be proud of – for food, people and the planet. The security information and event management (SIEM) platform lead will be responsible for implementing, maintaining, monitoring and managing SIEM solutions deployed throughout the security operations center (SOC). Working alongside SOC and Threat and Exposure Management team members, the SIEM platform lead facilitates architectural designs, best practices, and event and incident response duties. The SIEM platform lead is expected to contribute to the corporate security strategy and collaborate with security leadership and other security technologists. The SIEM platform lead provides support to the incident response, forensic, application and networking teams, and works with IT infrastructure, application development, security operations, security audit and end user sources of information to ensure collection, correlation and reporting, as well as facilitation of corporate-wide security events. This is a permanent position that can be based in any Tetra Pak location. What you will do Role and responsibilities: The SIEM Platform Lead provides proactive and preventive analysis of systems through product-specific SIEM tools and ancillary solutions used in security. The role also ensures SIEM solutions aid in the output of metrics to senior management to help maintain a safe and secure enterprise technical operation. Daily, the platform lead ensures SIEM and automation solutions are healthy, maintaining integrity and performing optimally, and that capacity keeps up with demand. To be successful, a solid understanding of and practical hands-on experience with security principles, host configurations and networking is required. Key Responsibilities: Leading SIEM solution design, related components, and the confidentiality, integrity and availability (CIA) of logs. Implement, manage and maintain event and log collection, reporting and compliance requirements. Design and build SIEM dashboards and reporting tools required by technical teams. Act as a key member and contact for the security operations center (SOC) and incident response team. Help correlate events to support SOC response requirements. Be readily available for incident response, forensic, troubleshooting and security issues requiring event details. Maintain up-to-date level of knowledge related to security threats, vulnerabilities and mitigations set forth to reduce attack surface. Tune the SIEM with threat intelligence sources (e.g., premium, industry-shared, open-source and dark web), and correlate event indicators and threats. Support SOC automation initiatives leveraging playbooks, while also using human analysis as needed. Connect events to contextual security reports that security management and technical teams can easily comprehend. Actively participate in threat hunting tabletop exercises to hone and strengthen skills across the team. Work closely with Information Security leadership to instill cybersecurity policies and practices throughout business units that address security operations, incident response, application security and infrastructure. Actively engage in security projects across the business to implement event and logging requirements. Perform other duties as assigned. We believe you have At least 5 years cybersecurity experience (or IT coupled with cybersecurity) with at least 2 years in an engineering-based role supporting SOC and IR teams. Proficient in one or more SIEM (e.g., QRadar, Splunk, LogRhythm,). Knowledgeable of or hands-on experience with supporting intrusion detection/prevention systems (IDS/IPS), firewalls, endpoint solutions, data loss prevention (DLP), Active Directory (AD) and application security. Advanced knowledge of operating system configuration (Windows, Unix, Linux) and networking (DNS, DHCP, routing protocols). Ability to interface with threat intelligence platforms and SOAR solutions to centralize and manage incidents and remediation workflow. Ability to analyze event and incident logs and work with SOC and IR teams to assess security events related to malware, vulnerabilities, exploits and kill chain methodology. Strong understanding of key performance indicators (KPIs) and service-level agreements (SLAs) attributed to security and business objectives for key stakeholders. Ability to liaison to conduct tabletop exercises for security incident and events. Some experience in a cloud-based SIEM environment and migration from on-prem to cloud preferred. Experienced with one or more scripting languages (e.g., Python, PowerShell, Bash, etc.). Basic knowledge of adversary tactics, techniques and procedures (TTPs) and MITRE ATT&ACK principles. Education Requirements: Bachelor’s degree preferred in cybersecurity, computer science, engineering or related field. 3-5+ years of cybersecurity or information technology practitioner experience. 2+ years of related security systems administration with endpoint, network, application and host-based security solutions. 2+ years working in or with SOC and IR teams. CISSP, GSEC, GCIH, GCIA, GCFE preferable, but not required. We Offer You A variety of exciting challenges with ample opportunities for development and training in a truly global landscape A culture that pioneers a spirit of innovation where our industry experts drive visible results An equal opportunity employment experience that values diversity and inclusion Market competitive compensation and benefits with flexible working arrangements Apply Now If you are inspired to be part of our promise to protect what’s good; for food, people, and the planet, apply through our careers page at . If you have any questions about your application, please contact Ephraim Kwa . Diversity, equity, and inclusion is an everyday part of how we work. We give people a place to belong and support to thrive, an environment where everyone can be comfortable being themselves and has equal opportunities to grow and succeed. We embrace difference, celebrate people for who they are, and for the diversity they bring that helps us better understand and connect with our customers and communities worldwide. #J-18808-Ljbffr