Work Schedule
Standard (Mon-Fri)

Environmental Conditions
Office

Job Description

When you join us at Thermo Fisher Scientific, you'll be part of a hard-working, driven team that shares your passion for exploration and discovery. With annual revenues over $40 billion and the most significant investment in R&D in the industry, we give our more than 100,000 colleagues the resources and chances to create meaningful contributions to the world.

Summary

Discover Impactful Work: As a SIEM Engineer, you have a global responsibility for enabling cybersecurity response within the Corporate Infrastructure & Security (CIS) team. In this position, you will play a meaningful role in building and maintaining cybersecurity audit log delivery pipelines and developing searches, alerts, and dashboards within a cloud SIEM environment. Collaborating with Cybersecurity Operations, you'll help us proactively identify and respond to potential threats to keep our organization secure.

• Log Pipelines: Map out and help maintain audit log collection, transformation, and delivery to cloud SIEM and/or data lakes for long-term retention and regulatory compliance.
• Writing Queries: Build sophisticated search queries to find vital log activity and dynamically join diverse datasets together to present patterns of activity.
• Alerting and Dashboarding: Develop new alerting mechanisms tailored to our security landscape within our SIEM platform. Build insightful dashboards that provide clear visualizations of security metrics.
• Systems Administration: Support a large AWS cloud environment of Unix systems running the log collection backbone.

• Cross-Team Collaboration: Liaise with SOC analysts, security engineers, and incident responders to understand critical processes and craft effective automations.
• Documentation and Training: Ensure documentation and processes are well defined so that the engineered solutions are understood and repeatable.
• Ensure solutions are well built, backed up & restore tested, and consistently maintained for health.
• Problem Solving & Communication: Excellent analytical and problem-solving skills. Ability to communicate technical concepts to different audiences.

• Bachelor's Degree in cybersecurity, computer science, systems engineering, or related field. Equivalent work experience is acceptable.
• Certifications not required, but encouraged: Splunk Cloud Certified Admin, Splunk Enterprise Security Certified Admin, AWS Solutions Architect, AWS Cloud Security Engineer

• 2+ years of experience in a security engineering role with a focus on Splunk Cloud & engineering and development. Experience maintaining Splunk forwarders, fleets of apps and add-ons, handling configuration and version upgrades.
• 2+ years of experience managing Splunk Enterprise Security development and tuning. Experience developing RBA use-cases, data normalization, and assets & identities configuration.
• At least two years experience in AWS/Cloud-native platforms

• In-depth knowledge of SOAR platforms (Splunk SOAR/Phantom, Palo Alto XSOAR, Swimlane, etc.).
• Strong scripting skills in Python or other relevant languages.
• Understanding of network security protocols, threat intelligence sources, and incident response methodologies.