Job Number 24169211

Job Category Information Technology

Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States

Schedule Full-Time

Located Remotely? Y

Relocation? N

Position Type Management

JOB SUMMARY

We are seeking a highly skilled and experienced Senior SIEM and UEBA Engineer to join our cybersecurity operations team. The ideal candidate will have extensive experience in security architecture and engineering, with a strong focus on SIEM, UEBA platforms and log management. Responsibilities include design, implementation, and maintenance of SIEM, UEBA and log management systems. This role will provide engineering support for Insider Threat and Detection Engineering analytics teams to support development of threat detections.

CANDIDATE PROFILE

Education and Experience

Required:

Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification

3+ years of experience in:

Security architecture and engineering experience on SIEM, UEBA, and log collection and management platforms.

Scripting language experience (*nix shell scripting, Python, PowerShell, etc.) and regular expressions

Linux and Microsoft operating systems (advanced knowledge)

5+ years of experience in some or all of the following:

Experience working in (or with) security functions such as SOC, CIRT, security engineering, risk management, vulnerability management.

Technical infrastructure operations, administration, or systems engineering

Preferred Skills/Experience:

Current information security certification such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) or an equivalent .

Splunk Certification, including Splunk Enterprise Security Certified Admin

Cribl Certified Admin: Stream

Working knowledge of the NIST Cyber Security Framework and ISO/IEC 27001:2022

Working knowledge of the MITRE ATTCK Framework

Exabeam UEBA platform and Advanced Analytics administration

Splunk Enterprise platform and Splunk Enterprise Security administration

Hands on experience with logging implementations for services/assets incloud service provider platforms (AWS, Azure, GCP)

Familiarity with Identity and access management systems, firewalls, next-gen anti-malware, intrusion detection and prevention systems, proxies, reverse proxies, credential vaults, and database fundamentals.

Knowledge of IP networking

Solid written and verbal communication skills

Core Responsibilities

What You’ll be Doing:

Designing, implementing, and maintaining the SIEM, UEBA, and log management systems.

Implementing and maintaining data pipelines to analytics platforms to support threat detection with SIEM, UEBA, and other log collection and management tools.

Working with Insider Threat, Detection Engineering, and other security analytics teams to support the development of threat detection analytics. This includes integrations, data onboarding, data normalization, and stack tuning, for SIEM and UEBA platforms. You’ll also collaborate with other security analytics teams to support data onboarding and other data management work for analytics development in Amazon Security Lake.

Collaborating with stakeholders in Global Information Security, Enterprise Architecture and other IT teams on the development of procedures, standards, integration and operability patterns for logging and monitoring.

Identifying and resolving escalated engineering-level analytics platform performance and functional problems for SIEM, UEBA, and log management systems.

Collaborating with other teams such as Security Architecture, Security Engineering, Policy and Compliance, network operations teams, dev ops teams to ensure the security of our infrastructure through the application of security controls for SIEM, UEBA, and log management systems.

Keeping pace with the latest security trends, threats, and technologies and making recommendations for improvements to our security posture.

Providing technical guidance and mentoring to junior team members.

Creating reports on analytics platform operations, documenting engineering processes, creating SOPs, and presenting findings and issues remediation plans to management and other stakeholders

Provide direction and support for the development of platform metrics, dashboards, and reports for analytics platforms to support operational monitoring.

Additional Responsibility:

Contribute to ongoing development and maintenance of documented standards, workflows, and best practices within the Analytics Platform Engineering discipline.

Research emerging threats and adversary tactics, techniques, and procedures to understand the threat landscape and the implications on our analytics platform architecture and configurations to maintain good security posture.

Provide governance support for the analytics platforms such as platform management standards and change oversight.

Support budgeting work with analysis of analytics platform resource and licensing utilization and forecasted needs.

Occasional participation in evaluations of new platforms, technologies and methodologies pertaining to security monitoring.

Attend SCRUM and prioritization meetings to review and update deliverables.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work,​ begin your purpose, belong to an amazing global​ team, and become the best version of you.