Staff Engineer II - Cyber

Western Alliance Bank, Phoenix, AZ

About The Position

Western Alliance Bank is seeking a passionate, experienced, and results-driven Cyber Engineer to build and manage a state-of-the-art SIEM infrastructure. The Staff Engineer II will develop and execute strategies to ingest security logs from various applications and infrastructure platforms, and will enrich those logs with metadata from various threat intelligence sources. We want a creative, highly motivated engineer who takes initiative, has a good sense of urgency, and is comfortable working in a fast-paced, agile environment. In this role, you will be assigned specific engineering tasks and meet weekly with your manager and peers to drive them to completion. You must be very good at documenting changes and have demonstrable experience with ITIL change management procedures. You will also develop and maintain PowerShell, Python, Bash, and Ruby scripts, and you will be required to complete continual training and certification in the field of security platform engineering. This role reports to the Director of the Security Monitoring Center (SMC).

The ideal candidate brings:

  • Solid understanding of logging infrastructure concepts: syslog; log parsing; log de-duplication; methods for log pulling; RFC 5424; CEF format; JSON; key-value pair format; log enrichment; log maintenance; log troubleshooting.
  • Demonstrable SIEM administration. A solid understanding of and administrative experience with the Elastic Stack (Elasticsearch, Logstash, Kibana, also known as ELK; Elastic Cloud) is a plus.
  • Demonstrable SOAR administration and playbook authoring. A solid understanding of and administrative experience with Palo Alto XSOAR is a plus.
  • Ability to coordinate activities with other SMC Engineers to drive accuracy, improve MTTR, and automate cyber analysis and enrichment.
  • Solid understanding of and demonstrable experience with Python, PowerShell, and Bash.
  • Capable of operating entirely day-to-day on a Linux platform.
  • Demonstrable use and/or development of AI-driven workflows.

Requirements

  • 6+ years of related experience in IT Security, IT Application Support, IT Development, or a similar field.
  • Bachelor's degree in related field required.
  • Advanced to expert experience with and knowledge of Linux, Python, PowerShell, SIEM and Bash.
  • Solid understanding of authentication and single sign-on technologies: SAML, SSO, and LDAP.
  • Solid understanding of concepts regarding SIEM, SOAR, Firewall, Proxies, SSL/TLS, Secure Mail Gateways, Application Firewalls, NAC, Vulnerability Scanners, and EDR.
  • Advanced experience with logging infrastructure concepts: syslog; log parsing; log de-duplication; methods for log pulling; RFC 5424; CEF format; JSON; key-value pair format; log enrichment; log maintenance; log troubleshooting.
  • Solid understanding of load balancers, DNS, SMTP, etc. for troubleshooting application functionality.
  • Advanced experience with NIST and MITRE frameworks, and with administration of one or more of the following: an IT automation platform, SOAR, firewall, IAM platform, SIEM, or cloud cyber defense platform.
  • Experience interpreting and analyzing packet captures via Elasticsearch.
  • Advanced speaking and writing communication skills.

Nice To Haves

  • A solid understanding of and administrative experience with the Elastic Stack (Elasticsearch, Logstash, Kibana, also known as ELK; Elastic Cloud).
  • A solid understanding of and administrative experience with Palo Alto XSOAR.

Responsibilities

  • Develop and execute strategies to ingest security logs from various applications and infrastructure platforms.
  • Enrich logs with metadata from various threat intelligence sources.
  • Document all changes and follow ITIL change management procedures.
  • Develop and maintain PowerShell, Python, Bash, and Ruby scripts.
  • Complete continual training and certification in the field of security platform engineering.
  • Coordinate activities with other SMC Engineers to drive accuracy, improve MTTR, and automate cyber analysis and enrichment.

Benefits

  • competitive salaries
  • an ownership stake in the company
  • medical and dental insurance
  • time off
  • a great 401k matching program
  • tuition assistance program
  • an employee volunteer program
  • a wellness program
© 2024 Teal Labs, Inc