Job Number 20030221
Job Category Information Technology
Location Marriott International HQ, 10400 Fernwood Road, Bethesda, Maryland, United States
Position Type Management
Start Your Journey With Us
Marriott International is the world’s largest hotel company, with more brands,
more hotels and more opportunities for associates to grow and succeed. We
believe a great career is a journey of discovery and exploration. So, we ask,
where will your journey take you?
Serves as the Splunk engineer responsible for developing SIEM content to monitor
for and detect potential security incidents across the Marriott enterprise.
Responsible for SIEM content management, content creation, rule tuning,
reporting and alert creation. Produces high-quality process documentation for
monitoring and content creation tasks. Leverages knowledge of monitoring,
analyzing, detecting and responding to cyber events and incidents to develop
and implement monitoring and alerting for information systems and networks.
Education and Experience
Bachelor’s degree in Computer Science or a related field, or equivalent experience/certification
7+ years of information technology experience
5+ years of experience in some or all of the following:
Incident Response or Security Operations Center (SOC) teams
Scripting or programming languages, including Python
API development and integration
Other logging platforms (ArcSight, SumoLogic, QRadar, etc.)
Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
Experience with architecting, implementing and operating Splunk or other big data platforms
Experience with IDS, IPS and SIEM appliance architecture, operations and management
Experience working in a globally distributed enterprise environment
Experience with monitoring use case implementation methodologies
Knowledge of Linux, Unix and Microsoft operating systems
Knowledge of TCP/IP protocols
Experience using regex (regular expressions) with any scripting language (*nix shells, Python, C++, Ruby, etc.) is acceptable
Excellent communication skills and problem-solving ability
Troubleshooting skills and strong technical learning aptitude
CORE WORK ACTIVITIES
Creating and performing review and validation of daily compliance reports to track business as usual and out of policy activities.
Working with the Cybersecurity Incident Response Team and Threat Intelligence Team to identify content improvements.
Assisting the Cybersecurity Incident Response Team and Threat Intelligence Team with searches by acting as an expert in Splunk Search Language.
Provides input to the overall SIEM security services architecture and governance model.
Provides technical oversight, standardization and validation of the effectiveness of the SIEM content service.
Participates in efforts to research, design and implement components in the SIEM content development space that are standards-based, high-performing, highly available and secure.
Educates internal and external users of security technologies to continually improve the knowledge and skill-base of the organization on how best to operate and support the technology and security services.
Develops highly extensible, scalable SIEM content services that can be adopted and integrated in a wide range of cybersecurity use cases.
Contributes to a culture of excellence in technical security threat management and incident response.
Participates in the evaluation and selection of security service products.
Supports governance based on best practices and facilitates proper alignment to projects and major initiatives.
Supports analysis of the current environment to detect critical deficiencies and recommends solutions for improvement.
Supports analysis of technology industry and market trends to determine their potential impact on security services architecture.
Utilizes capability modeling to align systems strategy and planning with business strategy and goals.
Consults with project teams to identify when it is necessary to modify infrastructure and security services to accommodate project needs.
Consults with architecture teams to identify when it is necessary to modify the technical architecture to accommodate infrastructure and security needs.
Participates in the documentation of developed content, architecture and analysis work.
Supports, implements and promotes standard configuration and change management processes and practices.
Performs quantitative and qualitative analyses for service delivery processes and projects.
Supports existing systems and projects in a minimum of one environment.
Reviews completeness of requirements prior to Service Provider or internal solutioning.
Participates with the Service Provider or internal team in planning and coordinating implementation, and in reviewing quality control of systems functional design, usability, functionality and implementation.
Provides input to support desk change management efforts as they relate to support and training for new systems.
Coordinates with appropriate IT and vendor relations teams.
Provides consultation for routine systems development.
Ensures early warning to leadership regarding degraded or missed service level issues.