Information Security SIEM - Corporate & Investment Banking-1904384
The Information Security SIEM engineer serves in a technical capacity in evaluating and designing security solutions and works with technicians throughout the program to implement, maintain and continuously improve the information security practice, while managing and maintaining our efforts in the areas of Information Security, Governance, Risk and Compliance. S/he provides patches and upgrades to existing systems; designs web-based, mobile, cloud and security interfaces to meet the specific needs of users; prepares operating instructions; compiles documentation of program development; and analyzes system capabilities to resolve questions of program intent, output requirements, input data acquisition, programming techniques and controls.
Monitor for and detect security events from the SIEM, log collection engines and other security technologies, such as Splunk
Perform investigations using various security monitoring technologies (e.g. IDS/IPS, DLP, etc.)
Review alerts escalated by end users
Perform initial triage of incoming issues (initial assessment of the event's priority, initial determination of risk and damage, and appropriate routing of security or privacy data requests)
Monitor health alerts and downstream dependencies
Provide limited response to end users for low-complexity security events
Review and take a proactive approach to false positives, and work with the various security teams to tune alerts and provide feedback to improve their accuracy
Document, investigate and notify the appropriate contact for security events and response
Take an active part in the resolution of events, even after they are escalated
Must participate in an on-call schedule
At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams. We encourage everyone to apply.
Bachelor's Degree in Computer Science or equivalent major, or equivalent work experience
9-12 years' experience in IT Security
Ability to demonstrate understanding of security investigation processes and procedures
General network knowledge: TCP/IP, Internet routing, UNIX/Linux and Windows NT
Demonstrated experience in Windows/Unix scripting languages and tools such as bash, Python, regex, PowerShell, etc.
Demonstrated excellent communication and organizational skills.
Demonstrated ability to work with an incident management tool (RSA Archer, ServiceNow).
General Desktop OS and Server OS knowledge
Understanding of common network services (web, mail, DNS, authentication)
Ability to demonstrate technical experience working with enterprise security technologies such as SIEM, antivirus/anti-malware, IDS, WAF and DDoS mitigation platforms
Preferred Training, Qualifications, and Certifications:
New York-New York-200 Liberty Street
New Jersey-Holmdel-101 Crawfords Corner Road
Aug 19, 2019, 4:49:17 PM
AN EQUAL OPPORTUNITY EMPLOYER M/F/Vet/Disabled/SO