Sr. Security Engineer – SIEM Content

JOB SUMMARYServes as Splunk engineer responsible for developing SIEM content to monitor and detect of potential security incidents across the Marriott enterprise. Responsible for SIEM content management, content creation, rule tuning, reporting, alert creation. Produces high-quality process documentation for monitoring and content creation tasks. Leverages knowledge of monitoring, analyzing, detecting, and responding to Cyber events and incidents to develop and implement monitoring and alerting for information systems and networks.

CANDIDATE PROFILE

Education and Experience

Required:

• Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
• 7+ years of information technology experience
• 5+ years of experience in some or all of the following:
  • Incident Response or Security Operations Center (SOC) teams
  • Splunk products
  • Scripting or programming language, including Python
  • API development and integration
  • Other logging platforms (ArcSight, SumoLogic, QRadar, etc.)

Preferred Skills/Experience:

• Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
• Experience with architecting, implementing, and operating Splunk or other big data platforms
• Experience with IDS, IPS, and SIEM appliance architecture, operations, and management
• Experience working in a globally distributed enterprise environment
• Experience with monitoring use case implementation methodologies
• Knowledge of Linux, Unix and Microsoft operating systems
• Knowledge of TCP/IP protocols
• Experience using regex (regular expressions) with a scripting language (nix shells, python, c++, ruby, etc.) is acceptable
• Excellent communication skills and problem-solving ability
• Troubleshooting skills and strong technical learning aptitude

CORE WORK ACTIVITIES

• Creating and performing review and validation of daily compliance reports to track business as usual and out of policy activities.
• Working with the Cybersecurity Incident Response Team and Threat Intelligence Team to identify content improvements.
• Assisting the Cybersecurity Incident Response Team and Threat Intelligence Team with searches by acting as an expert in Splunk Search Language.
• Provides input to the overall SIEM security services architecture, governance model.
• Provide technical oversight, standardization and validation of the effectiveness of SIEM content service.
• Participates in efforts to research, design and implement components in the SIEM content development space that are standards-based, high-performing, highly available and secure.
• Educates internal and external users of security technologies to continually improve the knowledge and skill-base of the organization on how best to operate and support the technology and security services.
• Develops highly-extensible, scalable, and SIEM content services that can be adopted and integrated in a wide range of Cybersecurity use cases.

• Contributes to a culture of excellence in technical security threat management and incident response.
• Participates in the evaluation and selection of security service products.
• Supports governance based on best practices and facilitates proper alignment to projects and major initiatives
• Supports analysis of the current environment to detect critical deficiencies and recommends solutions for improvement.
• Supports analysis of technology industry and market trends to determine their potential impact on security services architecture.
• Utilizes capability modeling to align systems strategy and planning with business strategy and goals.
• Consults with project teams to identify when it is necessary to modify infrastructure and security services to accommodate project needs.
• Consults with architecture teams to identify when it is necessary to modify the technical architecture to accommodate infrastructure and security needs.
• Participates in the documentation of developed content, architecture and analysis work.
• Supports, implements and promotes standard configuration and change management, processes and practices.

Delivering Technology

• Performs quantitative and qualitative analyses for service delivery processes and projects.
• Supports existing systems and projects in a minimum of one environment.
• Reviews completeness of requirements prior to Service Provider or internal solutioning
• Participates with the Service Provider or internal team in planning and coordinating implementation, reviewing quality control of systems functional design, usability, functionality, and implementation.
• Provides input to support desk change management efforts as it relates to support and training of new system
• Coordinates with appropriate IT and vendor relations teams
• Provides consultation for routine systems development
• Ensures early warning to the leadership regarding degraded or missed service level issues

This position requires proof of full vaccination against COVID-19 prior to the first date of employment, subject to applicable law. If you are offered employment, this requirement must be met by your date of hire, unless a reasonable accommodation request is received and approved.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.