Technical Account Manager
This position will be fully remote and can be hired anywhere in the continental U.S.
The Technical Manager (AFC Engineering) works as a member of the Cyber Operations Team. The primary focus of this role is to provide oversight on all engagements and to act as the go-to, most senior technical expert who leads and troubleshoots teams through complex problems.
The successful candidate will possess deep technical knowledge of a number of security technologies, including cloud technologies (e.g., AWS, GCP, Azure); have a solid understanding of information security and networking; and have extensive experience interacting with customers. The role is responsible for delivery of client-specific SIEM management solutions. This position also serves as an escalation point for critical and complex client issues, performs configuration and testing of products, assists with developing and documenting work processes, and trains other members of the team.
How you'll make an impact
- Convert the business needs of the client into precise features and functionality.
- Establish strategies, roadmaps, and strategy execution programs, collaborating closely with engagement leads.
- Rationalize security solutions considering requirements, risks, restrictions, and strategic client objectives. Maintain responsibility for concurrent projects (leadership, project knowledge, and client details).
- Assist with the documentation of business needs, use cases, and return-on-investment ("value") goals.
- Participate in, or serve as, the primary technical focal point for pre- and post-sales engagements.
- Provide expertise assessing security event data for attack trends and comprehending attacker techniques in a large enterprise context.
- Provide technical support for business proposals, contracts, and requests for bids and information.
- Identify and share opportunities for cross-selling and up-selling AFC services.
- Exhibit working knowledge of Threat Intelligence Teams to read IOCs and effectively use them for alerting.
- Show a proficiency in identifying new risks utilizing a variety of web sources.
- Share knowledge of monitoring tools such as firewalls, host- and network-based intrusion detection systems, web applications, anti-virus, web application firewalls, proxies, and operating system logs.
- Write up technical documentation for the information sent to the SIEM.
- Collaborate with incident responders and anomaly detection teams to enhance data quality and lower false positives.
- Review trends and discrepancies that might point to sophisticated cyberattacks.
- Provide expertise in creating SIEM correlation rules to identify new threats beyond the reach of present detection methods.
- Develop creative ways to automate processes and shorten the lead time for operational adjustments.
- Develop regulations for audit needs, compliance, and engineering measures (such as watch lists for current threats).
- Manage log source groups, confirm custom reports, configure backups, and confirm log sources with the client.
- Exhibit the ability to review and install any new SIEM, appliance, or virtual appliance software or policy updates that are applicable.
- Conduct a health check.
- Conduct an official architectural review.
- Create new rules, rule updates, and custom reports, as necessary.
- Control user accounts for SIEM (creating, deleting, editing, etc.).
- Be proficient in adding/deleting log sources. Work with the vendor to troubleshoot log source or system issues and disclose system flaws as necessary.
- Handle vendor requests for product improvements and features as necessary.
- Apply fixes, updates, and upgrades to the software as necessary.
- Create Watch Lists that are specific to each client.
- Manage technical accounts for a select group of exclusive, key clients.
- Take lead of major updates and improvements to the SIEM client environment.
- Produce specialized documentation for both internal and external use.
- Attend vendor-specific events and conferences for business and professional development.
- Responsible for mentoring and training SIEM Engineer II staff.
- In charge of setting up and testing new products and technology.
- Help with the SOC's work process design and documentation.
What we're hiring for
- Subject matter expert for onboarding SIEM components for existing and new clients.
- Experience analyzing security event data for attack patterns and understanding attacker tactics in a large enterprise environment.
- Experience creating automated log correlations in a SIEM to identify anomalous and potentially malicious behavior.
- Working experience with threat intelligence teams, with the ability to interpret IOCs and use them efficiently for alerting.
- Experience using multiple online sources to identify new threats.
- Understanding of monitoring devices such as firewalls, network- and host-based intrusion detection systems, web applications, AV, WAF, proxy, and operating system logs.
- Create technical documentation around the content deployed to the SIEM
- Ability to partner with anomaly detection and incident responders to improve data quality and reduce false positives.
- Ability to recognize patterns and inconsistencies that could indicate complex cyberattacks.
- Experience developing SIEM correlation rules to detect new threats beyond current capabilities.
- Manage appliance or virtual appliance OS and SIEM software.
- Create innovative solutions to automate and reduce timeframes for operational changes as well as the initial installation of the platform.
- Create rules for compliance and audit requirements and create and manage Watch Lists for current threats.
- Configure backups, verify custom reports, manage log source groups, and validate log sources with the client.
- Review and apply any newly available and applicable SIEM and/or appliance/virtual appliance software or policy updates monthly.
- Perform formal Health Check and administrative password change.
- Perform formal Architectural Review.
- Create custom rules/rule modifications and custom reports/ report modifications as needed.
- Manage SIEM user accounts (create, delete, modify, etc.).
- Add/remove log sources. Troubleshoot issues with log sources or systems with the vendor, and report system defects as needed.
- Manage product enhancement/feature requests with vendors as needed.
- Perform software upgrades, updates, and patches as needed.
- Create client-specific Watch Lists if necessary.
- Perform technical account management duties for specific top-tier, strategic clients.
- Responsible for major SIEM client environmental changes including upgrades.
- Create custom documentation for internal and external needs.
- Responsible for mentoring and training of SIEM Engineer II employees.
- Attend vendor-specific meetings and conferences for business and professional development.
- Responsible for testing and configuring new products and technologies.
- Assist with designing and documenting work processes within the SOC.
What you can expect from Optiv
- A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups (http://www.optiv.com/company/about-us#dei-group).
- Work/life balance
- Professional training resources
- Creative problem-solving and the ability to tackle unique, complex projects
- Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
- The ability and technology necessary to productively work remotely/from home (where applicable)
EEO Statement
Optiv is an equal opportunity employer (EEO). All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law. Optiv respects your privacy.
By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, view our Applicant Privacy Notice (http://www.optiv.com/job-applicant-privacy-notice). If you sign up to receive notifications of job postings, you may unsubscribe at any time.