3.0 - 10.0 years
0 Lacs
Chennai, Tamil Nadu, India
Remote
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

CMSTDR Senior (TechOps)

Key capabilities:
- Experience in working with Splunk Enterprise, Splunk Enterprise Security and Splunk UEBA
- Minimum of Splunk Power User certification
- Good knowledge of programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
- Perform remote and on-site gap assessments of the SIEM solution
- Define evaluation criteria and approach based on the client requirement and scope, factoring in industry best practices and regulations
- Conduct interviews with stakeholders; review documents (SOPs, architecture diagrams, etc.)
- Evaluate the SIEM against the defined criteria and prepare audit reports
- Good experience in consulting for customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment
- Understand customer requirements and recommend best practices for SIEM solutions
- Offer consultative advice on security principles and best practices related to SIEM operations
- Design and document a SIEM solution to meet the customer’s needs
- Experience in onboarding data into Splunk from various sources, including unsupported (in-house built) sources, by creating custom parsers
- Verification of log source data in the SIEM, following the Common Information Model (CIM)
- Experience in parsing and masking data prior to ingestion into the SIEM
- Provide support for the data collection, processing, analysis and operational reporting systems, including planning, installation, configuration, testing, troubleshooting and problem resolution
- Assist clients in fully optimizing the SIEM’s capabilities as well as the audit and logging features of the event log sources
- Assist the client with technical guidance on configuring in-scope log sources for integration with the SIEM
- Experience in handling big data integration via Splunk
- Expertise in SIEM content development, including developing processes for automated security event monitoring and alerting, along with corresponding event response plans for systems
- Hands-on experience in development and customization of Splunk apps and add-ons
- Build advanced visualizations (interactive drilldowns, glass tables, etc.)
- Build and integrate contextual data into notable events
- Experience in creating use cases mapped to the Cyber Kill Chain and the MITRE ATT&CK framework
- Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that provide near-real-time visibility into the performance of client applications
- Experience in installation, configuration and use of premium Splunk apps and add-ons such as Enterprise Security, UEBA, ITSI, etc.
- Sound knowledge of configuring alerts and reports
- Good exposure to automatic lookups, data models and writing complex SPL queries
- Create, modify and tune SIEM rules to adjust alert and incident specifications to meet client requirements
- Work with the client SPOC on correlation rule tuning (as per the use case management life cycle), incident classification and prioritization recommendations
- Experience in creating custom commands, custom alert actions, adaptive response actions, etc.

Qualification and experience:
- 3 to 10 years’ experience, with a depth of network architecture knowledge that translates to deploying and integrating a complex security intelligence solution into global enterprise environments
- Strong oral, written and listening skills are an essential component of effective consulting
- Strong background in network administration
- Ability to work at all layers of the OSI model, including being able to explain communication at any layer
- Must have knowledge of vulnerability management, Windows and Linux basics including installation, Windows domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting

Good to have:
- Experience with design and implementation of Splunk with a focus on IT operations, application analytics, user experience, application performance and security management
- Multiple cluster deployment and management experience per vendor guidelines and industry best practices
- Troubleshoot Splunk platform and application issues, escalate issues and work with Splunk support to resolve them
- Certification in any one SIEM solution such as IBM QRadar, Exabeam or Securonix will be an added advantage
- Certifications in a core security-related discipline will be an added advantage

EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 3 days ago
3.0 - 10.0 years
0 Lacs
Hyderabad, Telangana, India
Remote
(Job description identical to the CMSTDR Senior (TechOps) listing above, Chennai, posted 3 days ago.)
Posted 3 days ago
4.0 - 9.0 years
0 Lacs
Bengaluru, Karnataka, India
On-site
A career in our Advisory Acceleration Centre is the natural extension of PwC’s leading-class global delivery capabilities. We provide premium, cost-effective, high-quality services that support process quality and delivery capability for client engagements. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional, our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

Responsibilities
As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:
- Use feedback and reflection to develop self-awareness and personal strengths, and address development areas.
- Delegate to others to provide stretch opportunities, coaching them to deliver results.
- Demonstrate critical thinking and the ability to bring order to unstructured problems.
- Use a broad range of tools and techniques to extract insights from current industry or sector trends.
- Review your work and that of others for quality, accuracy and relevance.
- Know how and when to use the tools available for a given situation, and be able to explain the reasons for this choice.
- Seek and embrace opportunities which give exposure to different situations, environments and perspectives.
- Use straightforward communication, in a structured way, when influencing and connecting with others.
- Be able to read situations and modify behavior to build quality relationships.
- Uphold the firm's code of ethics and business conduct.
Threat Hunter - CaaS

As a Threat Hunter (Senior Associate) within the Cyber as a Service (CaaS) practice, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution.

Required qualifications
- 4-9 years of experience in a technical role in Security Operations, Threat Intelligence, Incident Response, or Penetration Testing/Red Team.
- At a minimum, a Bachelor's degree in a relevant area of study, with a preference for Computer Science, Computer Engineering, Cybersecurity, or Information Security.
- Knowledge and experience working with various SIEM, EDR, NDR and ticketing tools.
- Advanced knowledge of operating system internals and security mechanisms.
- Advanced knowledge and experience analyzing attacker techniques at all stages of a breach.
- Knowledge of MITRE ATT&CK and the Cyber Kill Chain is a must.

Roles and responsibilities
- Continuously search for signs of advanced threats and anomalies within the network and systems, even when no specific alerts or incidents have been triggered.
- Develop and execute proactive threat hunting queries, use cases, or algorithms to identify potential security risks.
- Stay updated on the latest threat intelligence feeds, industry reports, and emerging attack techniques.
- Analyze threat intelligence data to understand attacker tactics, techniques, and procedures (TTPs) and Cyber Kill Chain phases, and incorporate this knowledge into threat hunting activities.
- Investigate and analyze endpoints (computers, servers, and devices) for suspicious activities and indicators of compromise (IoCs).
- Utilize endpoint detection and response (EDR) tools to gather telemetry data and perform in-depth analysis.
- Analyze network traffic and flow data to identify unusual patterns, unauthorized access, and potential threats.
- Use network forensic tools and packet capture techniques to investigate network-based incidents, where available and required.
- Identify deviations from normal behavior by studying user and entity behavior analytics (UEBA) and applying anomaly detection methods, where applicable.
- Detect signs of lateral movement, privilege escalation, and other MITRE ATT&CK tactics by monitoring user accounts and permissions.
- Analyze suspicious files or malware samples to understand their functionality and assess the level of threat they pose.
- Collaborate with the L2 analyst team to develop mitigation strategies based on malware analysis.
- Develop and maintain threat hunting playbooks or runbooks that outline standardized procedures and methodologies for conducting threat hunting activities.
- Collaborate with L1 and L2 analysts and other relevant teams to ensure a coordinated response to identified threats.
- Communicate findings and recommendations effectively to technical and non-technical stakeholders.
- Stay up to date with the latest threat landscape, attack vectors, and cybersecurity technologies through ongoing research and professional development.
- Participate in knowledge-sharing initiatives within the threat hunting team to enhance collective expertise.
- Maintain detailed records of threat hunting activities, including findings, actions taken, and outcomes.
- Prepare comprehensive reports on threat hunting results, including recommended actions and areas for improvement.
- Work with internal and client teams to develop and implement mitigation and remediation strategies to eliminate or contain identified threats.
- Provide guidance on improving security controls and reducing the attack surface based on threat hunting findings.
- Ensure adherence to established threat hunting processes and procedures.
- Identify opportunities for process improvement and contribute to the enhancement of threat hunting methodologies.
- Be available for on-call schedules, including evenings and weekends, to assist with critical and high-severity security incidents and escalations.
- Maintain composure and efficiency in high-pressure situations.

Experience and skills
- 4-9 years of experience in a technical role in Security Operations, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team.
- Experience in SIEM technologies such as Azure Sentinel, Splunk, ArcSight, QRadar, Exabeam, LogRhythm.
- Experience and knowledge of EDR and NDR technologies such as Cortex XDR, CrowdStrike, Carbon Black, Cylance, Defender, Darktrace.
- Experience with ticketing systems such as ServiceNow or JIRA is considered a strong asset.
- Knowledge of operating system internals and OS security mitigations, and an understanding of the security challenges on Windows, Linux, Mac, Android and iOS platforms.
- Experience and knowledge working with the Cyber Kill Chain model and the MITRE ATT&CK framework.
- CISSP and one or more of the following GIAC certifications preferred: GCIA, GSOC, GMON, GCDA, GDAT, GCED, GCFE, GCFA, GNFA, GREM, GCLD.
- Ability to use data to 'tell a story'; ability to communicate findings and recommendations effectively to technical and non-technical stakeholders.
- Experience and knowledge of scripting languages such as JavaScript, Python, PHP, Bash, PowerShell, etc. is an asset.
- Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models is an asset.
- Experience with offensive security, including tools such as Metasploit, exploit development, open source intelligence gathering (OSINT), and designing ways to breach enterprise networks, is an asset.
- Experience in security device management and multiple SIEM platforms.
- Proficient in preparation of reports, dashboards and documentation.
- Excellent communication and leadership skills.
- Experience in performing vendor management.
- Ability to handle high-pressure situations with key stakeholders.
- Good analytical, problem-solving and interpersonal skills.
- A demonstrated commitment to valuing differences and working alongside diverse people and perspectives.
- Willing to work the US day shift (9 AM to 5 PM EST) / India night shift (7 PM to 3 AM IST) and provide weekend / on-call support.
Posted 1 month ago
3.0 years
0 Lacs
Pune, Maharashtra, India
Remote
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Staff (CTM – Threat Detection & Response)

Key capabilities:
- Experience in working with Splunk Enterprise, Splunk Enterprise Security and Splunk UEBA
- Minimum of Splunk Power User certification
- Good knowledge of programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
- Assist in remote and on-site gap assessments of the SIEM solution
- Work on defined evaluation criteria and approach based on the client requirement and scope, factoring in industry best practices and regulations
- Assist in interviews with stakeholders; review documents (SOPs, architecture diagrams, etc.)
- Assist in evaluating the SIEM against the defined criteria and preparing audit reports
- Good experience in consulting for customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment
- Experience in onboarding data into Splunk from various sources, including unsupported (in-house built) sources, by creating custom parsers
- Verification of log source data in the SIEM, following the Common Information Model (CIM)
- Experience in parsing and masking data prior to ingestion into the SIEM
- Provide support for the data collection, processing, analysis and operational reporting systems, including planning, installation, configuration, testing, troubleshooting and problem resolution
- Assist clients in fully optimizing the SIEM’s capabilities as well as the audit and logging features of the event log sources
- Assist the client with technical guidance on configuring their in-scope log sources for integration with the SIEM
- Experience in SIEM content development, which includes:
  - Hands-on experience in development and customization of Splunk apps and add-ons
  - Building advanced visualizations (interactive drilldowns, glass tables, etc.)
  - Building and integrating contextual data into notable events
  - Creating use cases mapped to the Cyber Kill Chain and the MITRE ATT&CK framework
  - Developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that provide near-real-time visibility into the performance of client applications
  - Sound knowledge of configuring alerts and reports
  - Good exposure to automatic lookups, data models and writing complex SPL queries
  - Creating, modifying and tuning SIEM rules to adjust alert and incident specifications to meet client requirements
  - Creating custom commands, custom alert actions, adaptive response actions, etc.

Qualification and experience:
- Minimum of 3 years’ experience in Splunk and 3 to 5 years of overall experience, with knowledge of operating systems and basic network technologies
- Experience in a SOC as an L1/L2 analyst will be an added advantage
- Strong oral, written and listening skills are an essential component of effective consulting
- Good to have knowledge of vulnerability management, Windows domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting
- Certification in any other SIEM solution such as IBM QRadar, Exabeam or Securonix will be an added advantage
- Certifications in a core security-related discipline (CEH, Security+, etc.) will be an added advantage

EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 1 month ago
2.0 years
0 Lacs
Bengaluru, Karnataka, India
Remote
The Associate Threat Analyst will provide intrusion/incident monitoring and detection utilizing customer-provided data sources, audit and monitoring tools at both the government and enterprise level. An Associate Threat Analyst is required to be flexible and adapt to change quickly. The Associate Threat Analyst will work closely with our Threat Analysts to service customers through our Managed Detection and Response offering.

How You’ll Make An Impact
- Analyze, document and report on potential security incidents identified in customer environments.
- Work with partners to maintain an understanding of security threats, vulnerabilities, and exploits that could impact systems, networks, and assets.
- Provide triage on various security enforcement technologies including, but not limited to, SIEM, anti-virus, content filtering/reporting, malware prevention, firewalls, intrusion detection systems, web application firewalls, messaging security platforms, vulnerability scanners, etc.
- Perform knowledge transfers, document, and triage clients’ issues regarding mitigation of identified threats.
- Provide ongoing recommendations to customers on best practices.
- Actively research current threats and attack vectors being exploited in the wild.
- Utilize defined SOPs and KBs.
- Perform other duties as assigned.
- Comply with all policies and standards.

What We’re Looking For
- Less than 2 years of working with incident ticketing systems (e.g. ServiceNow, Remedy, Remedy Force, Heat, etc.) required.
- Desire to gain full-time professional experience in the information security field.
- Excellent time management, reporting and communication skills, and the ability to prioritize work.
- Ability to generate comprehensive written reports and recommendations.
- Write professional emails.
- Previous experience as a point of escalation in a technical environment.
- Customer interactions and working through various issues.
- Base knowledge of contemporary security architectures/devices such as firewalls, routers, switches, load balancers, remote access technologies, anti-malware, SIEM, and AV.
- Ability to work in customers’ environments to report on critical security events.
- Ability to troubleshoot technical problems and ask probing questions to find the root cause of a problem.
- Queue management.
- Data analysis using SIEM, database tools such as Elastic, and Excel.
- Experience troubleshooting security, network, and/or endpoints.
- IDS monitoring/analysis with tools such as Sourcefire and Snort.
- Experience with SIEM platforms preferred (QRadar, LogRhythm, Exabeam, Securonix, and Splunk).
- Familiarity with web-based attacks and the OWASP Top 10 at a minimum: attack vectors, exploitation and mitigation; Active Directory; direct (e.g. SQL injection) versus indirect (e.g. cross-site scripting) attacks.
- Familiarity with the SANS Top 20 Critical Security Controls.
- Understand the foundations of enterprise Windows security, including: Windows security architecture and terminology; common system hardening best practices; anti-virus (AV) and host-based intrusion prevention (HIPS).
- Experience in monitoring at least one commercial AV solution such as (but not limited to) Carbon Black, CrowdStrike, McAfee/Intel, Symantec, Sophos or Trend Micro.
- Ability to identify common false positives and make suggestions on tuning.
- Malware, denial of service attacks, brute force attacks: understanding of basic malware propagation and attack vectors; propagation of malware in enterprise environments; experience with malware protection tools such as FireEye a plus; understanding of malware mitigation controls in an enterprise environment.
- Network-based attacks / system-based attacks.
- Familiarity with vulnerability scoring systems such as CVSS.
- Basic understanding of vulnerability assessment tools such as vulnerability scanners and exploitation frameworks.
- Eligibility to obtain a security clearance.
- Shift flexibility, including the ability to provide on-call support when needed.
- This role is work from office with 24/7 shifts.

What You Can Expect From Optiv
- A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
- Work/life balance.
- Professional training resources.
- Creative problem-solving and the ability to tackle unique, complex projects.
- Volunteer opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
- The ability and technology necessary to productively work remotely/from home (where applicable).

EEO Statement
Optiv is an equal opportunity employer.
All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law. Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.
Posted 1 month ago
3.0 - 10.0 years
0 Lacs
Chennai
Remote
(Job description identical to the CMSTDR Senior (TechOps) listing above, Chennai, posted 3 days ago.)
Posted 1 month ago
3.0 years
0 Lacs
Bengaluru
Remote
At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Staff (CTM – Threat Detection & Response)

KEY Capabilities:
- Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
- Minimum of Splunk Power User Certification
- Good knowledge in programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
- Assist in remote and on-site gap assessment of the SIEM solution
- Work on defined evaluation criteria & approach based on the client requirement & scope, factoring in industry best practices & regulations
- Assist in interviews with stakeholders, review documents (SOPs, Architecture diagrams etc.)
- Assist in evaluating the SIEM based on the defined criteria and prepare audit reports
- Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment
- Experience in onboarding data into Splunk from various sources, including unsupported (in-house built) sources, by creating custom parsers
- Verification of data from log sources in the SIEM, following the Common Information Model (CIM)
- Experience in parsing and masking of data prior to ingestion in the SIEM
- Provide support for the data collection, processing, analysis and operational reporting systems, including planning, installation, configuration, testing, troubleshooting and problem resolution
- Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
- Assist the client with technical guidance to configure their log sources (in scope) to be integrated into the SIEM
- Experience in SIEM content development, which includes:
  - Hands-on experience in development and customization of Splunk Apps & Add-Ons
  - Builds advanced visualizations (Interactive Drilldown, Glass tables etc.)
  - Build and integrate contextual data into notable events
  - Experience in creating use cases under the Cyber Kill Chain and MITRE ATT&CK framework
  - Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real-time visibility into the performance of client applications
  - Sound knowledge in configuration of Alerts and Reports
  - Good exposure in automatic lookups, data models and creating complex SPL queries
  - Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirements
  - Experience in creating custom commands, custom alert actions, adaptive response actions etc.

Qualification & experience:
- Minimum of 3 years' experience in Splunk and 3 to 5 years of overall experience, with knowledge of operating systems and basic network technologies
- Experience in a SOC as an L1/L2 Analyst will be an added advantage
- Strong oral, written and listening skills are an essential component of effective consulting
- Good to have knowledge of Vulnerability Management, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting
- Certification in any other SIEM solution such as IBM QRadar, Exabeam, Securonix will be an added advantage
- Certifications in a core security related discipline (CEH, Security+, etc.) will be an added advantage

EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Posted 1 month ago
6.0 - 11.0 years
7 - 11 Lacs
Chittoor
Work from Office
Position Summary
The F5 Global Cyber Defense and Intelligence team within the Office of the CISO is seeking hard-working and versatile Security Logging Engineers who will focus on updating, maintaining, and creating data pipelines fundamental to security services at F5. You will play a key role in protecting F5 and translating residual risk from critical application deployments into our logging and event platform to ensure data is flowing smoothly and consistently. Success in this role requires individuals to possess a blend of profound technical expertise, extensive knowledge in security, and substantial experience with logging. You'll be working with teams around the world in this position, so flexibility and excellent communication are key to excelling in this role.

Responsibilities
- Be part of the architectural direction, administration, maintenance, documentation, and oversight of the event logger and Security Information and Event Management (SIEM) solution
- Analyze threat models and work with partner teams to ingest logging into the security event monitoring tool
- Create and maintain integrations and solutions for log collection, aggregation, indexing, search and alerting
- Manage implementation, enhancement and adoption of the solutions built by the team into operations
- Utilize the log ingestion platform for security analytics and identification of tactics, techniques and patterns of attackers
- Collect and review security logs from all systems (Cloud Providers, GitLab, OS, G-Suite, OKTA, IDS, etc.) to ensure they can be used by the detection engineering team
- Ensure compliance with internal policies, standards, and regulatory requirements
- Contribute to the creation of security operations runbooks and threat hunting runbooks

Required Skills & Knowledge
- Requires at least 6+ years of relevant industry experience, preferably in SIEM
- Experience with large-scale log aggregation/SIEM systems like SumoLogic, Splunk, Exabeam, LogRhythm, etc.
- Good written and verbal communication skills
- Experience working in site-reliability engineering, cloud security, system engineering, or similar positions
- Demonstrated experience with running systems at scale
- Ability to communicate over a text-based medium (Slack, GitLab Issues, Email) and succinctly document technical details
- A Computer Science or Engineering degree is preferred, but not required
- Automation: proficiency in a scripting language such as Python or Bash
- Experience with log identification and analysis within GCP, AWS, Azure, or another cloud provider

Bonus Points:
- Experience analysing and interpreting large volumes of data to identify potential threats and security incidents
- Nice to have: experience implementing Data Engineering patterns with Spark, Databricks, pandas, or SQL
- Nice to have: an understanding of attacker exploit and evasion techniques
- Nice to have: competency in BigQuery, Athena, or any cloud provider query language
- Nice to have: familiarity with regex
- SANS certifications (GCFR, GMON, or other related certifications)
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Faridabad
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Greater Noida
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Ghaziabad
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Mandya
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Gurugram
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Hassan
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Mysuru
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Noida
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Bengaluru
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Navi Mumbai
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Khammam
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Nizamabad
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Karimnagar
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Hyderabad
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Vijayawada
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Mumbai
Work from Office
Posted 2 months ago
6.0 - 11.0 years
7 - 11 Lacs
Warangal
Work from Office
Posted 2 months ago